Documentation
Index ¶
- func GenerateAndSaveCertificate(cfg *Config, certFile, keyFile string) error
- func GenerateSelfSignedCert(cfg *Config) (tls.Certificate, error)
- func LoadCAPool(caFile string) (*x509.CertPool, error)
- func LoadTLSConfig(cfg *Config) (*tls.Config, error)
- func SaveCertificate(cert tls.Certificate, certFile, keyFile string) error
- func SecureCipherSuites() []uint16
- func VerifyCertificate(certFile string) error
- type CertificateInfo
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateAndSaveCertificate ¶
GenerateAndSaveCertificate generates a self-signed certificate and saves the certificate and its private key to certFile and keyFile.
func GenerateSelfSignedCert ¶
func GenerateSelfSignedCert(cfg *Config) (tls.Certificate, error)
GenerateSelfSignedCert generates a self-signed certificate
func LoadCAPool ¶
LoadCAPool loads a CA certificate pool from a file
func LoadTLSConfig ¶
LoadTLSConfig loads or generates TLS configuration
func SaveCertificate ¶
func SaveCertificate(cert tls.Certificate, certFile, keyFile string) error
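SaveCertificate saves a certificate and its private key to certFile and keyFile. The permissions applied to the key file are not stated here; check that keyFile ends up readable only by the account that runs the service.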
func SecureCipherSuites ¶
func SecureCipherSuites() []uint16
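SecureCipherSuites returns a list of secure cipher suites, based on OWASP and Mozilla recommendations (2024). Because the list reflects 2024 guidance, re-check it against current recommendations when upgrading.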
func VerifyCertificate ¶
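VerifyCertificate verifies a certificate file. Which checks it performs (for example validity period, chain of trust, or host name) is not documented here, so confirm its scope before treating a nil error as proof that the certificate is trusted.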
Types ¶
type CertificateInfo ¶
// CertificateInfo holds certificate metadata, as returned by GetCertificateInfo.
type CertificateInfo struct {
	Subject      string    // certificate subject as a string (exact format not shown here)
	Issuer       string    // certificate issuer as a string (exact format not shown here)
	SerialNumber string    // serial number as a string; NOTE(review): decimal vs. hex encoding is not shown, confirm before comparing values
	NotBefore    time.Time // presumably the start of the certificate's validity period
	NotAfter     time.Time // presumably the end of the validity period, the instant ExpiresIn and IsExpired refer to (confirm)
	DNSNames     []string  // presumably the DNS subject alternative names; the struct has no field for IP address SANs
	IsCA         bool      // presumably true when the certificate is marked as a CA certificate (confirm source of the flag)
}
CertificateInfo holds certificate metadata
func GetCertificateInfo ¶
func GetCertificateInfo(certFile string) (*CertificateInfo, error)
GetCertificateInfo returns information about a certificate
func (*CertificateInfo) ExpiresIn ¶
func (ci *CertificateInfo) ExpiresIn() time.Duration
ExpiresIn returns the time until certificate expiration
func (*CertificateInfo) IsExpired ¶
func (ci *CertificateInfo) IsExpired() bool
IsExpired checks if the certificate has expired
type Config ¶
// Config holds TLS configuration options: where the certificate material
// lives, how to generate a self-signed certificate when none is supplied,
// and the protocol-level security settings.
type Config struct {
	Enabled  bool   // Enable TLS
	CertFile string // Path to certificate file
	// NOTE(review): KeyFile names private key material; restrict read access
	// to the account that runs the service.
	KeyFile string // Path to private key file
	// NOTE(review): presumably loaded with LoadCAPool. Whether client
	// certificates are actually required and verified depends on ClientAuth.
	CAFile string // Path to CA certificate (for client verification)

	// Certificate generation options (if CertFile/KeyFile not provided)
	// A self-signed certificate is not issued by a CA that peers already
	// trust, so peers can verify it only if it is distributed to them out of
	// band.
	AutoGenerate bool          // Auto-generate self-signed certificates
	Hosts        []string      // Hostnames/IPs for generated certificate
	Organization string        // Organization name for generated certificate
	ValidFor     time.Duration // Certificate validity duration (default 1 year)

	// TLS security settings
	// NOTE(review): MinVersion is presumably a crypto/tls version constant
	// such as tls.VersionTLS12 — confirm how a zero value is handled.
	MinVersion uint16 // Minimum TLS version (default TLS 1.2)
	// NOTE(review): if this list is copied to tls.Config.CipherSuites it
	// applies to TLS 1.0–1.2 only; crypto/tls does not make TLS 1.3 cipher
	// suites configurable.
	CipherSuites []uint16 // Allowed cipher suites (default secure subset)
	// The zero value of tls.ClientAuthType is tls.NoClientCert.
	// NOTE(review): whether the package picks a stricter mode when CAFile is
	// set is not shown here — confirm.
	ClientAuth tls.ClientAuthType // Client certificate requirement
	// NOTE(review): presumably copied to tls.Config.InsecureSkipVerify, which
	// turns off verification of the peer's certificate chain and host name;
	// confirm that DefaultConfig leaves it false.
	InsecureSkipVerify bool // Skip certificate verification (NOT for production)
}
Config holds TLS configuration options
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a secure TLS configuration with recommended defaults