Documentation
¶
Index ¶
- Constants
- func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)
- func BestEffortSystemCertPool() *x509.CertPool
- func CreateServerTLSConfig(tlsCertPath, tlsKeyPath string, hosts []string) (*tls.Config, error)
- func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)
- func EncodeX509KeyPairString(cert tls.Certificate) (string, string)
- func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)
- func LoadX509Cert(path string) (*x509.Certificate, error)
- func LoadX509CertPool(paths ...string) (*x509.CertPool, error)
- type CertOptions
- type ConfigCustomizer
Constants ¶
// Package-level defaults for key generation and for the TLS parameters
// offered to clients.
const (
// DefaultRSABits is an RSA key size in bits.
// NOTE(review): presumably the fallback used when CertOptions.RSABits is
// left unset - confirm in GenerateX509KeyPair.
DefaultRSABits = 2048
// The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates
// Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically.
// NOTE(review): the value names a single ECDHE_RSA suite. ECDHE_RSA suites
// authenticate the server with an RSA key, so a certificate generated with
// CertOptions.ECDSACurve would need an ECDHE_ECDSA suite for TLS 1.2
// clients - confirm how this default is combined with the certificate type.
DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
// The default minimum TLS version to provide to clients
// NOTE(review): this is a version string, not a crypto/tls version constant;
// presumably it is parsed by the flag handling behind AddTLSFlagsToCmd - confirm.
DefaultTLSMinVersion = "1.2"
// The default maximum TLS version to provide to clients
DefaultTLSMaxVersion = "1.3"
)
Variables ¶
This section is empty.
Functions ¶
func AddTLSFlagsToCmd ¶
func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)
AddTLSFlagsToCmd adds TLS server-related command line options to a command and returns a function that produces a TLS config customizer (or an error) configured according to the options specified.
func BestEffortSystemCertPool ¶
func BestEffortSystemCertPool() *x509.CertPool
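BestEffortSystemCertPool returns the system cert pool on a best-effort basis; if it cannot be obtained, an empty cert pool is returned instead. No error is returned, so the fallback to an empty pool is silent to the caller.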
func CreateServerTLSConfig ¶
func CreateServerTLSConfig(tlsCertPath, tlsKeyPath string, hosts []string) (*tls.Config, error)
CreateServerTLSConfig will provide a TLS configuration for a server. It will either use a certificate and key provided at tlsCertPath and tlsKeyPath, or if these are not given, will generate a self-signed certificate valid for the specified list of hosts. If hosts is nil or empty, self-signed cert creation will be disabled.
func EncodeX509KeyPair ¶
func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)
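EncodeX509KeyPair encodes a TLS certificate into its PEM-encoded form for storage. The two return values are presumably the certificate and the private key (confirm against the source); treat the key output as secret material when storing it.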
func EncodeX509KeyPairString ¶
func EncodeX509KeyPairString(cert tls.Certificate) (string, string)
EncodeX509KeyPairString encodes a TLS certificate into its PEM-encoded string form
func GenerateX509KeyPair ¶
func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)
GenerateX509KeyPair generates an X509 key pair from the given CertOptions
func LoadX509Cert ¶
func LoadX509Cert(path string) (*x509.Certificate, error)
LoadX509Cert loads PEM data from a file and returns the resulting Certificate
func LoadX509CertPool ¶
func LoadX509CertPool(paths ...string) (*x509.CertPool, error)
LoadX509CertPool loads PEM data from a list of files, adds them to a CertPool and returns the resulting CertPool
Types ¶
type CertOptions ¶
// CertOptions collects the parameters that GenerateX509KeyPair takes for
// creating a certificate and its key.
type CertOptions struct {
// Hostnames and IPs to generate a certificate for
Hosts []string
// Name of organization in certificate
Organization string
// Creation date
// NOTE(review): presumably the start of the certificate's validity period - confirm.
ValidFrom time.Time
// Duration that certificate is valid for
ValidFor time.Duration
// Whether this cert should be its own Certificate Authority
IsCA bool
// Size of RSA key to generate. Ignored if --ecdsa-curve is set
// NOTE(review): "--ecdsa-curve" names a command line flag, not a field;
// presumably this means "ignored when ECDSACurve is non-empty" - confirm.
RSABits int
// ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
// NOTE(review): P224 gives roughly 112-bit strength and TLS 1.3 defines no
// ECDSA signature scheme for it; prefer P256 or stronger for server certificates.
ECDSACurve string
}
type ConfigCustomizer ¶
// ConfigCustomizer is a function that receives a *tls.Config and returns
// nothing; AddTLSFlagsToCmd returns a factory that produces one.
// NOTE(review): presumably it adjusts the passed config in place - confirm.
type ConfigCustomizer = func(*tls.Config)