tls

package

v1.11.0-beta4 Latest Latest Go to latest Published: Oct 15, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kfsoftware/hlf-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error
func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error
func GetClientTLSConfig(cfg *ClientTLSConfig, csp bccsp.BCCSP) (*tls.Config, error)
type ClientAuth
type ClientTLSConfig
type KeyCertFiles
type ServerTLSConfig

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultCipherSuites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}

DefaultCipherSuites is a set of strong TLS cipher suites

Functions ¶

func AbsTLSClient ¶ added in v1.9.0

func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error

AbsTLSClient makes TLS client files absolute

func AbsTLSServer ¶ added in v1.9.0

func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error

AbsTLSServer makes TLS client files absolute

func GetClientTLSConfig ¶

func GetClientTLSConfig(cfg *ClientTLSConfig, csp bccsp.BCCSP) (*tls.Config, error)

GetClientTLSConfig creates a tls.Config object from certs and roots

Types ¶

type ClientAuth ¶ added in v1.9.0

type ClientAuth struct {
	Type      string   `def:"noclientcert" help:"Policy the server will follow for TLS Client Authentication."`
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)"`
}

ClientAuth defines the key material needed to verify client certificates

type ClientTLSConfig ¶

type ClientTLSConfig struct {
	Enabled   bool     `skip:"true"`
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)"`
	Client    KeyCertFiles
}

ClientTLSConfig defines the key material for a TLS client

type KeyCertFiles ¶

type KeyCertFiles struct {
	KeyFile  string `help:"PEM-encoded key file when mutual authentication is enabled"`
	CertFile string `help:"PEM-encoded certificate file when mutual authenticate is enabled"`
}

KeyCertFiles defines the files need for client on TLS

type ServerTLSConfig ¶ added in v1.9.0

type ServerTLSConfig struct {
	Enabled    bool   `help:"Enable TLS on the listening port"`
	CertFile   string `def:"tls-cert.pem" help:"PEM-encoded TLS certificate file for server's listening port"`
	KeyFile    string `help:"PEM-encoded TLS key for server's listening port"`
	ClientAuth ClientAuth
}

ServerTLSConfig defines key material for a TLS server

Source Files ¶

View all Source files

tls.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL