Documentation
Overview
Package tls provides shared functionality for configurations related to TLS.
At the moment, it supports runtime checks for a "TLS bundle".
Terminologies:
- TLS bundle: a collection of files for CA certificate(s), certificate, key and, optionally, key password. It is used to establish mutual TLS connections. All files are assumed to be in PEM format. The term is derived from "CA bundle".
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func Check
Check performs a validation on values of a TLS config, including:
- assert that either InsecureSkipTLS == true and no files are specified; or that InsecureSkipTLS == false and at least CACertificateFile, CertificateFile and KeyFile are specified.
- for CACertificateFile, CertificateFile, KeyFile and KeyPasswordFile, assert that they are readable files if the field is specified.
- assert that the contents of CACertificateFile, CertificateFile, KeyFile and KeyPasswordFile (if specified) can be used to build a valid *tls.Config.
It can be used in conjunction with Ping or PingInsecureSkipVerify to verify that we can connect to a server through TLS.
func Ping
Ping checks if we can connect to a given server over mutual TLS.
It also verifies that the hostname on the server's certificate is correct.
func PingInsecureSkipVerify
PingInsecureSkipVerify also checks if we can connect to a given address over TLS. However, it skips hostname verification (i.e., it sets tls.Config's InsecureSkipVerify).
Types
type Config
type Config struct {
	InsecureSkipTLS   bool   `yaml:"insecureSkipTLS"`   // convention: false
	CACertificateFile string `yaml:"caCertificateFile"` // convention: ca-certificate.pem
	CertificateFile   string `yaml:"certificateFile"`   // convention: certificate.pem
	KeyFile           string `yaml:"keyFile"`           // convention: key.pem
	KeyPasswordFile   string `yaml:"keyPasswordFile"`   // optional; convention: key.password
}
Config contains options for chrono components to communicate over TLS. It is designed to be used in YAML files.
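As an added illustration, not the package's own code, the following Go program shows how the three rules described for Check, the hostname-verifying Ping and its InsecureSkipVerify variant, and the Config fields above fit together using only the standard library. BundleConfig, CheckBundle, Ping, must and WriteSelfSignedBundle, their signatures and the error strings are this example's assumptions; the page does not give the package's real signatures. The bundle it writes is a constructed self-signed certificate in a directory of the caller's choosing; decrypting a password-protected key is not implemented here, only the readability rule for KeyPasswordFile.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// BundleConfig mirrors the page's Config fields; it and everything below is this example's own code, not the package's.
type BundleConfig struct {
	InsecureSkipTLS   bool
	CACertificateFile string
	CertificateFile   string
	KeyFile           string
	KeyPasswordFile   string // optional; only its readability is checked here
}

// CheckBundle applies the three rules the page lists for Check; with InsecureSkipTLS set it returns (nil, nil).
func CheckBundle(c BundleConfig) (*tls.Config, error) {
	files := []string{c.CACertificateFile, c.CertificateFile, c.KeyFile, c.KeyPasswordFile}
	// Rule 1: InsecureSkipTLS excludes files; otherwise CA, cert and key are mandatory.
	if c.InsecureSkipTLS {
		if strings.Join(files, "") != "" {
			return nil, fmt.Errorf("insecureSkipTLS is true but TLS files are specified")
		}
		return nil, nil
	}
	if c.CACertificateFile == "" || c.CertificateFile == "" || c.KeyFile == "" {
		return nil, fmt.Errorf("caCertificateFile, certificateFile and keyFile are required")
	}
	// Rule 2: every specified file must be readable.
	for _, f := range files {
		if _, err := os.ReadFile(f); f != "" && err != nil {
			return nil, fmt.Errorf("unreadable TLS file: %w", err)
		}
	}
	// Rule 3: the contents must yield a usable *tls.Config.
	caPEM, _ := os.ReadFile(c.CACertificateFile) // readability was verified by rule 2
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("%s contains no PEM certificates", c.CACertificateFile)
	}
	cert, err := tls.LoadX509KeyPair(c.CertificateFile, c.KeyFile)
	if err != nil {
		return nil, fmt.Errorf("certificate/key pair: %w", err)
	}
	return &tls.Config{RootCAs: pool, Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

// Ping performs a mutual-TLS handshake with addr. A non-empty serverName overrides the name
// derived from addr; skipVerify plays the role of PingInsecureSkipVerify (no hostname/chain check).
func Ping(addr, serverName string, cfg *tls.Config, skipVerify bool) error {
	c := cfg.Clone()
	c.ServerName = serverName
	c.InsecureSkipVerify = skipVerify
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr, c)
	if err != nil {
		return err
	}
	return conn.Close()
}

func must[T any](v T, err error) T { // fixture helper: panics on error
	if err != nil {
		panic(err)
	}
	return v
}

// WriteSelfSignedBundle writes a constructed self-signed certificate (valid for 127.0.0.1,
// server and client auth) and its key into dir using the page's file-name conventions.
func WriteSelfSignedBundle(dir string) BundleConfig {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: must(x509.MarshalECPrivateKey(key))})
	ca, crt, k := filepath.Join(dir, "ca-certificate.pem"), filepath.Join(dir, "certificate.pem"), filepath.Join(dir, "key.pem")
	for path, data := range map[string][]byte{ca: certPEM, crt: certPEM, k: keyPEM} {
		must(0, os.WriteFile(path, data, 0o600))
	}
	return BundleConfig{CACertificateFile: ca, CertificateFile: crt, KeyFile: k}
}
```

To exercise it, call WriteSelfSignedBundle on a temporary directory, pass the result to CheckBundle, and start a tls.Listen server with the same config plus ClientAuth set to tls.RequireAndVerifyClientCert and ClientCAs set to the pool CheckBundle built. Ping(addr, "", cfg, false) then succeeds because the certificate carries an IP SAN for 127.0.0.1, Ping(addr, "other.example", cfg, false) fails on hostname verification, and the same call with skipVerify true succeeds, which is exactly the difference the page draws between Ping and PingInsecureSkipVerify. Swapping the CA file for the key file, or pointing KeyPasswordFile at a missing file, makes CheckBundle fail on rule 3 and rule 2 respectively.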