fftls

package
v1.4.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 29, 2024 License: Apache-2.0 Imports: 10 Imported by: 1

Documentation


Constants

// Configuration keys for the TLS settings of the HTTP server.
const (
	// HTTPConfTLSEnabled is the key that says whether TLS is enabled for the HTTP server.
	HTTPConfTLSEnabled = "enabled"
	// HTTPConfTLSCertFile is the key for the TLS certificate file of the HTTP server.
	HTTPConfTLSCertFile = "certFile"
	// HTTPConfTLSKeyFile is the key for the private key file used for TLS on the server.
	// The named file holds private key material, so keep its filesystem permissions tight.
	HTTPConfTLSKeyFile = "keyFile"
	// HTTPConfTLSCAFile is the key for the TLS certificate authority file of the HTTP server.
	HTTPConfTLSCAFile = "caFile"

	// HTTPConfTLSClientAuth is the key that says whether the HTTP server requires a
	// mutual TLS connection.
	HTTPConfTLSClientAuth = "clientAuth"
	// HTTPConfTLSRequiredDNAttributes is the key for a set of regular expressions that
	// are matched against the DN of the client. It requires HTTPConfTLSClientAuth.
	// NOTE(review): whether the expressions are anchored before matching is not visible
	// here; an unanchored pattern would also accept values that merely contain it, so
	// confirm against the implementation or anchor patterns explicitly.
	HTTPConfTLSRequiredDNAttributes = "requiredDNAttributes"

	// HTTPConfTLSInsecureSkipHostVerify is the key that disables host verification.
	// It is insecure and meant for development only.
	// NOTE(review): the name speaks of host verification only; confirm how the setting
	// is applied to the resulting tls.Config, because crypto/tls's InsecureSkipVerify
	// turns off certificate chain verification as well as the host name check.
	HTTPConfTLSInsecureSkipHostVerify = "insecureSkipHostVerify"
)

Variables

// SubjectDNKnownAttributes maps an upper-case subject DN attribute name to an
// accessor that returns the values of that attribute from a pkix.Name.
//
// C, O, OU, L, ST, STREET and POSTALCODE return the matching pkix.Name slice
// unchanged, so the result is nil when the attribute is absent. CN and
// SERIALNUMBER are single strings in pkix.Name; they return a one-element
// slice, or an empty non-nil slice when the string is empty.
//
// The map is an exported, mutable package-level variable: any importing code
// can add or replace entries. Treat it as read-only.
// NOTE(review): lookups are exact-match on the key; whether callers normalise
// the case of an attribute name before the lookup is not visible here.
var SubjectDNKnownAttributes = map[string]func(pkix.Name) []string{
	"CN": func(subject pkix.Name) []string {
		if cn := subject.CommonName; cn != "" {
			return []string{cn}
		}
		return []string{}
	},
	"SERIALNUMBER": func(subject pkix.Name) []string {
		if serial := subject.SerialNumber; serial != "" {
			return []string{serial}
		}
		return []string{}
	},
	"C": func(subject pkix.Name) []string {
		return subject.Country
	},
	"ST": func(subject pkix.Name) []string {
		return subject.Province
	},
	"L": func(subject pkix.Name) []string {
		return subject.Locality
	},
	"STREET": func(subject pkix.Name) []string {
		return subject.StreetAddress
	},
	"POSTALCODE": func(subject pkix.Name) []string {
		return subject.PostalCode
	},
	"O": func(subject pkix.Name) []string {
		return subject.Organization
	},
	"OU": func(subject pkix.Name) []string {
		return subject.OrganizationalUnit
	},
}

Functions

func ConstructTLSConfig

func ConstructTLSConfig(ctx context.Context, conf config.Section, tlsType TLSType) (*tls.Config, error)

func InitTLSConfig

func InitTLSConfig(conf config.Section)

func NewTLSConfig added in v1.4.0

func NewTLSConfig(ctx context.Context, config *Config, tlsType TLSType) (*tls.Config, error)

Types

type Config added in v1.4.0

// Config is the structured form of the TLS settings. GenerateConfig returns a
// *Config for a config.Section and NewTLSConfig accepts one. Its JSON field
// names are the same strings as the HTTPConfTLS* configuration keys declared
// in this package, and the field meanings below follow the comments on those keys.
//
//   - Enabled: whether TLS is enabled.
//   - ClientAuth: whether a mutual TLS connection is required.
//   - CAFile, CertFile, KeyFile: the certificate authority file, the
//     certificate file and the private key file.
//   - InsecureSkipHostVerify: disables host verification; insecure, for
//     development only. Its JSON tag has no omitempty, so the value is written
//     out even when false.
//     NOTE(review): confirm how this is applied to the resulting tls.Config;
//     crypto/tls's InsecureSkipVerify turns off certificate chain verification
//     as well as the host name check.
//   - RequiredDNAttributes: regular expressions matched against the DN of the
//     client; requires ClientAuth. The values are typed interface{}, so their
//     expected shape is not visible here.
//     NOTE(review): presumably the keys are the attribute names listed in
//     SubjectDNKnownAttributes; also confirm whether patterns are anchored,
//     since an unanchored pattern would accept values that merely contain it.
type Config struct {
	Enabled                bool                   `ffstruct:"tlsconfig" json:"enabled"`
	ClientAuth             bool                   `ffstruct:"tlsconfig" json:"clientAuth,omitempty"`
	CAFile                 string                 `ffstruct:"tlsconfig" json:"caFile,omitempty"`
	CertFile               string                 `ffstruct:"tlsconfig" json:"certFile,omitempty"`
	KeyFile                string                 `ffstruct:"tlsconfig" json:"keyFile,omitempty"`
	InsecureSkipHostVerify bool                   `ffstruct:"tlsconfig" json:"insecureSkipHostVerify"`
	RequiredDNAttributes   map[string]interface{} `ffstruct:"tlsconfig" json:"requiredDNAttributes,omitempty"`
}

func GenerateConfig added in v1.4.0

func GenerateConfig(conf config.Section) *Config

type TLSType added in v1.4.0

// TLSType is the string-typed selector passed to ConstructTLSConfig and
// NewTLSConfig together with the TLS settings.
// NOTE(review): presumably it chooses between building a server-side and a
// client-side tls.Config; the clientAuth and requiredDNAttributes settings are
// described for the server, and how they are treated for ClientType is not
// visible here.
type TLSType string

// The TLSType values defined by this package.
const (
	// ClientType is the TLSType with the value "client".
	ClientType TLSType = "client"
	// ServerType is the TLSType with the value "server".
	ServerType TLSType = "server"
)
