Overview ¶
Package tls provides utilities for working with TLS certificates and configurations.
Index ¶
- func CertificateFromKeyAndCertificateFiles(ctx context.Context, key, cert string, waitConfig FileWaitConfig) ([]tls.Certificate, error)
- func CertificatesFromSinglePEMFile(ctx context.Context, singlePEMFile string, waitConfig FileWaitConfig) ([]tls.Certificate, error)
- func CreateAndSaveSelfSignedKeyPair(config SelfSignedConfig, certPath, keyPath string) (*tls.Certificate, *x509.CertPool, error)
- func CreateSelfSignedKeyPair(config SelfSignedConfig) (*tls.Certificate, *x509.CertPool, error)
- func LoadCertPoolFromFile(certPoolPath string) (*x509.CertPool, error)
- func LoadKeyPairAndCertsFromFile(path string) (*tls.Certificate, error)
- func LoadKeyPairFromFiles(certPath, keyPath string) (*tls.Certificate, error)
- func LoadX509CertFromFile(certPath string) (*x509.Certificate, error)
- func NewAutocertManagerFromConfig(c AutoCertConfig) *autocert.Manager
- func NewAutocertTLSConfig(c AutoCertConfig) (*tls.Config, error)
- func NewClientTLSConfig(c ClientConfig) (*tls.Config, error)
- func NewLocalTLSConfig(ctx context.Context, config LocalConfig) (*tls.Config, error)
- func NewSelfSignedTLSConfig(config SelfSignedConfig) (*tls.Config, error)
- func NewServerTLSConfig(ctx context.Context, c ServerConfig) (*tls.Config, error)
- func SaveTLSCertificateToFile(cert *tls.Certificate, filename string, perm int) error
- func SaveTLSCertificateToFiles(cert *tls.Certificate, certPath, keyPath string) error
- type AutoCertConfig
- type CertificateSubject
- type ClientConfig
- type ConfigFunc
- type FileWaitConfig
- type LocalConfig
- type SANConfig
- type SelfSignedConfig
- type ServerConfig
Functions ¶
func CertificateFromKeyAndCertificateFiles ¶ added in v0.37.0
func CertificateFromKeyAndCertificateFiles(ctx context.Context, key, cert string, waitConfig FileWaitConfig) ([]tls.Certificate, error)
CertificateFromKeyAndCertificateFiles loads certificate and key from separate files.
func CertificatesFromSinglePEMFile ¶ added in v0.37.0
func CertificatesFromSinglePEMFile(ctx context.Context, singlePEMFile string, waitConfig FileWaitConfig) ([]tls.Certificate, error)
CertificatesFromSinglePEMFile loads certificate and key from a single PEM file.
func CreateAndSaveSelfSignedKeyPair ¶
func CreateAndSaveSelfSignedKeyPair(config SelfSignedConfig, certPath, keyPath string) (*tls.Certificate, *x509.CertPool, error)
CreateAndSaveSelfSignedKeyPair creates and saves a self-signed key pair to files.
func CreateSelfSignedKeyPair ¶
func CreateSelfSignedKeyPair(config SelfSignedConfig) (*tls.Certificate, *x509.CertPool, error)
CreateSelfSignedKeyPair creates a self-signed key pair in memory. The implementation was pulled from inet.af/tcpproxy.
func LoadCertPoolFromFile ¶
LoadCertPoolFromFile loads a certificate pool from a PEM file.
func LoadKeyPairAndCertsFromFile ¶
func LoadKeyPairAndCertsFromFile(path string) (*tls.Certificate, error)
LoadKeyPairAndCertsFromFile reads a file and divides its contents into a key and certificates. From: https://gist.github.com/ukautz/cd118e298bbd8f0a88fc
func LoadKeyPairFromFiles ¶
func LoadKeyPairFromFiles(certPath, keyPath string) (*tls.Certificate, error)
LoadKeyPairFromFiles loads a TLS certificate and key pair from PEM files.
func LoadX509CertFromFile ¶
func LoadX509CertFromFile(certPath string) (*x509.Certificate, error)
LoadX509CertFromFile loads an X.509 certificate from a PEM file.
func NewAutocertManagerFromConfig ¶ added in v0.37.0
func NewAutocertManagerFromConfig(c AutoCertConfig) *autocert.Manager
NewAutocertManagerFromConfig creates an ACME autocert manager from the given config.
func NewAutocertTLSConfig ¶ added in v0.37.0
func NewAutocertTLSConfig(c AutoCertConfig) (*tls.Config, error)
NewAutocertTLSConfig creates a TLS configuration with automatic certificate management.
func NewClientTLSConfig ¶ added in v0.37.0
func NewClientTLSConfig(c ClientConfig) (*tls.Config, error)
NewClientTLSConfig creates a TLS configuration for a client from the given config.
func NewLocalTLSConfig ¶ added in v0.37.0
NewLocalTLSConfig creates a TLS configuration from local certificate and key files.
func NewSelfSignedTLSConfig ¶ added in v0.37.0
func NewSelfSignedTLSConfig(config SelfSignedConfig) (*tls.Config, error)
NewSelfSignedTLSConfig creates a TLS configuration with a self-signed certificate.
func NewServerTLSConfig ¶ added in v0.37.0
NewServerTLSConfig creates a TLS configuration for a server from the given config.
func SaveTLSCertificateToFile ¶ added in v0.37.6
func SaveTLSCertificateToFile(cert *tls.Certificate, filename string, perm int) error
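SaveTLSCertificateToFile saves a tls.Certificate to a file. The perm argument is presumably the file mode; a tls.Certificate carries its private key, so use an owner-only mode such as 0600 if the key is written to this file.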
func SaveTLSCertificateToFiles ¶
func SaveTLSCertificateToFiles(cert *tls.Certificate, certPath, keyPath string) error
SaveTLSCertificateToFiles saves a tls.Certificate to a certificate file and a key file.
Types ¶
type AutoCertConfig ¶
// AutoCertConfig holds the settings for automatic certificate management via
// ACME. Every field is decoded from the mapstructure key in its tag; in JSON
// each field keeps its Go name and is omitted when empty.
type AutoCertConfig struct {
// NOTE(review): presumably the directory where issued certificates and their
// private keys are cached — confirm, and restrict it to the service account.
CacheDirectory string `mapstructure:"cache-directory" json:",omitempty"`
// NOTE(review): presumably the ACME account contact address — confirm.
Email string `mapstructure:"email" json:",omitempty"`
// NOTE(review): presumably the host allow-list for issuance. In
// golang.org/x/crypto/acme/autocert a nil Manager.HostPolicy allows every
// host, so confirm how an empty list is handled by this package.
AllowedHosts []string `mapstructure:"allowed-hosts" json:",omitempty"`
// NOTE(review): presumably the ACME directory endpoint; the value used when
// this is empty is not visible here — confirm.
DirectoryURL string `mapstructure:"directory-url" json:",omitempty"`
}
AutoCertConfig specifies automatic certificate configuration using ACME.
type CertificateSubject ¶ added in v0.37.0
// CertificateSubject holds X.509 subject information. The mapstructure keys
// are the short attribute names (c, o, ou, l, st, street, postalcode,
// serialnumber, cn); the JSON keys are snake_case and omitted when empty.
// NOTE(review): the field names and types match crypto/x509/pkix.Name, so the
// values are presumably copied into one — confirm.
type CertificateSubject struct {
Country []string `mapstructure:"c" json:"country,omitempty"`
Organization []string `mapstructure:"o" json:"organization,omitempty"`
OrganizationalUnit []string `mapstructure:"ou" json:"organizational_unit,omitempty"`
Locality []string `mapstructure:"l" json:"locality,omitempty"`
Province []string `mapstructure:"st" json:"province,omitempty"`
StreetAddress []string `mapstructure:"street" json:"street_address,omitempty"`
PostalCode []string `mapstructure:"postalcode" json:"postal_code,omitempty"`
// A string, not a number: this is the subject's serialNumber attribute as
// declared here, not necessarily the certificate serial number.
SerialNumber string `mapstructure:"serialnumber" json:"serial_number,omitempty"`
// Go's certificate verifier matches host names against Subject Alternative
// Names and ignores CommonName, so names that clients must verify belong in
// SANConfig rather than here.
CommonName string `mapstructure:"cn" json:"common_name,omitempty"`
}
CertificateSubject defines X.509 certificate subject information.
type ClientConfig ¶
// ClientConfig holds the TLS settings for a client. Fields are decoded from
// the mapstructure keys in their tags.
type ClientConfig struct {
// NOTE(review): presumably a PEM file of CAs used to verify the server; the
// behaviour when empty (system roots or none) is not visible here — confirm.
RootCAFile string `mapstructure:"root-ca-file" json:",omitempty"`
// NOTE(review): Certificate and Key are presumably file paths to the client
// certificate and its private key, used for mutual TLS — confirm.
Certificate string `mapstructure:"cert" json:",omitempty"`
Key string `mapstructure:"key" json:",omitempty"`
// No json tag: the value is serialized under its Go field name and is never
// omitted, so a dumped configuration always shows whether it is set.
// NOTE(review): the name matches crypto/tls Config.InsecureSkipVerify, which
// disables verification of the server's certificate chain and host name. If
// the value is forwarded unchanged, keep it false outside of tests.
InsecureSkipVerify bool `mapstructure:"insecure-skip-verify"`
}
ClientConfig specifies TLS client configuration.
type ConfigFunc ¶ added in v0.37.0
ConfigFunc is a function type that returns a TLS configuration.
func NewAutocertTLSConfigFunc ¶ added in v0.37.0
func NewAutocertTLSConfigFunc(c AutoCertConfig) ConfigFunc
NewAutocertTLSConfigFunc creates a ConfigFunc for automatic certificate configuration.
func NewLocalTLSConfigFunc ¶ added in v0.37.0
func NewLocalTLSConfigFunc(ctx context.Context, c LocalConfig) ConfigFunc
NewLocalTLSConfigFunc creates a ConfigFunc for loading certificates from local files.
func NewSelfSignedTLSConfigFunc ¶ added in v0.37.0
func NewSelfSignedTLSConfigFunc(c SelfSignedConfig) ConfigFunc
NewSelfSignedTLSConfigFunc creates a ConfigFunc for self-signed certificate configuration.
type FileWaitConfig ¶ added in v0.37.0
// FileWaitConfig holds the wait parameters used when loading certificate
// files. Both values are unsigned, so negative settings cannot be expressed.
// NOTE(review): the time unit of both fields and the meaning of zero are not
// visible here — confirm against the loader.
type FileWaitConfig struct {
// NOTE(review): presumably the delay between attempts to find the file.
WaitInterval uint `mapstructure:"file-wait-interval" json:",omitempty"`
// NOTE(review): presumably the upper bound on the total wait.
WaitMax uint `mapstructure:"file-wait-max" json:",omitempty"`
}
FileWaitConfig specifies wait parameters for loading certificate files.
type LocalConfig ¶ added in v0.37.0
// LocalConfig names the local files that hold the certificate and key.
// NOTE(review): which source wins when SinglePEMFile and Certificate/Key are
// all set is not visible here — confirm.
type LocalConfig struct {
// NOTE(review): presumably one PEM file holding both the private key and the
// certificates; it needs the same file permissions as a key file.
SinglePEMFile string `mapstructure:"single-pem-file" json:",omitempty"`
Certificate string `mapstructure:"cert" json:",omitempty"`
// NOTE(review): presumably the path to the private key file — confirm.
Key string `mapstructure:"key" json:",omitempty"`
// mapstructure's squash option flattens this struct's keys
// (file-wait-interval, file-wait-max) into the parent. encoding/json has no
// squash option and ignores it, so in JSON this field stays a nested object;
// omitempty also has no effect on a struct value.
FileWaitConfig FileWaitConfig `mapstructure:"file-wait-config,squash" json:",omitempty,squash"`
}
LocalConfig specifies local certificate and key file locations.
type SANConfig ¶ added in v0.37.0
// SANConfig lists the Subject Alternative Names for a certificate.
type SANConfig struct {
// DNS names to place in the certificate.
DNSNames []string `mapstructure:"dns-names" json:"dns_names,omitempty"`
// IP addresses are carried as strings.
// NOTE(review): how an unparsable entry is handled (error or silently
// dropped) is not visible here — confirm.
IPAddresses []string `mapstructure:"ip-addresses" json:"ip_addresses,omitempty"`
}
SANConfig specifies Subject Alternative Names for a certificate (DNS names and IP addresses).
type SelfSignedConfig ¶
// SelfSignedConfig holds the parameters for generating a self-signed
// certificate.
type SelfSignedConfig struct {
Subject CertificateSubject `mapstructure:"subject" json:"subject,omitempty"`
SANConfig SANConfig `mapstructure:"san-config" json:"san_config,omitempty"`
// Validity period, carried as a string.
// NOTE(review): the accepted format and the default when empty are not
// visible here — confirm.
Duration string `mapstructure:"duration" json:"duration,omitempty"`
// Decoded from the "ca" key and serialized as "is_ca".
// NOTE(review): presumably marks the generated certificate as a CA, which
// lets it sign other certificates — leave false unless that is intended.
IsCA bool `mapstructure:"ca" json:"is_ca,omitempty"`
// NOTE(review): presumably the key size in bits; the key algorithm, the
// default and any lower bound are not visible here. Confirm that small
// values are rejected.
Bits int `mapstructure:"bits" json:"bits,omitempty"`
// NOTE(review): presumably where the generated certificate and private key
// are persisted — confirm, and restrict the directory to the service account.
CacheDirectory string `mapstructure:"cache-directory" json:"cache_directory,omitempty"`
// NOTE(review): purpose not visible from this declaration — confirm.
Alias string `mapstructure:"alias" json:"alias,omitempty"`
}
SelfSignedConfig specifies parameters for generating a self-signed certificate.
type ServerConfig ¶
// ServerConfig holds the TLS settings for a server. It embeds three possible
// certificate sources: AutoCertConfig, SelfSignedConfig and LocalConfig.
// NOTE(review): which source takes precedence when more than one is populated
// is not visible here — confirm.
type ServerConfig struct {
// No json tag: serialized under the Go field name and never omitted.
ServerName string `mapstructure:"server-name"`
// omitempty has no effect on the three struct-typed fields below under
// encoding/json; they are always emitted.
AutoCertConfig AutoCertConfig `mapstructure:"auto-cert-config" json:",omitempty"`
SelfSignedConfig SelfSignedConfig `mapstructure:"self-signed-config" json:",omitempty"`
LocalConfig LocalConfig `mapstructure:"local" json:",omitempty"`
// Client authentication policy, carried as a string.
// NOTE(review): presumably mapped to a crypto/tls ClientAuthType, whose zero
// value is NoClientCert. Confirm that an empty or unrecognized value is
// rejected rather than silently disabling client authentication.
ClientAuthType string `mapstructure:"client-auth-type" json:",omitempty"`
// NOTE(review): presumably a PEM file of CAs used to verify client
// certificates — confirm.
ClientCAFile string `mapstructure:"client-ca-file" json:",omitempty"`
// NOTE(review): presumably the ALPN protocol list — confirm.
NextProtos []string `mapstructure:"next-protos"`
// Minimum TLS version, carried as a string.
// NOTE(review): the accepted spellings, the default when empty and the
// handling of an unrecognized value are not visible here — confirm that a
// typo cannot lower the minimum version.
TLSMinVersion string `mapstructure:"tls-min-version"`
}
ServerConfig specifies TLS configuration for a server.