tlsconfig

package v0.0.0-...-73df0bb

Published: Mar 30, 2018 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package tlsconfig provides opinionated helpers for building tls.Configs. It keeps up to date with internal Pivotal best practices and external industry best practices.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientOption

type ClientOption func(*tls.Config)

ClientOption can be used to configure a TLS configuration for a client.

func WithAuthority

func WithAuthority(authority *x509.CertPool) ClientOption

WithAuthority makes the client verify that the server it connects to presents an identity that can be validated by the certificate pool provided; the pool becomes the client's set of trusted roots for that connection.

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config represents a half-configured TLS configuration. It becomes usable by calling either of its two methods, Client or Server.

func Build

func Build(opts ...TLSOption) Config

Build creates a half-configured TLS configuration.

func (Config) Client

func (c Config) Client(opts ...ClientOption) *tls.Config

Client can be used to build a TLS configuration suitable for clients (GRPC, HTTP, etc.). The options are applied in order, after the options given to Build. A later option can undo what an earlier one set, so order the options deliberately.

func (Config) Server

func (c Config) Server(opts ...ServerOption) *tls.Config

Server can be used to build a TLS configuration suitable for servers (GRPC, HTTP, etc.). The options are applied in order, after the options given to Build. A later option can undo what an earlier one set, so order the options deliberately.

type ServerOption

type ServerOption func(*tls.Config)

ServerOption can be used to configure a TLS configuration for a server.

func WithClientAuthentication

func WithClientAuthentication(authority *x509.CertPool) ServerOption

WithClientAuthentication makes the server require that every client present an identity that can be validated by the certificate pool provided (mutual TLS). Clients that present no certificate, or one that does not chain to the pool, are rejected during the handshake.

type TLSOption

type TLSOption func(*tls.Config)

TLSOption can be used to configure a TLS configuration for both clients and servers.

func WithIdentity

func WithIdentity(cert tls.Certificate) TLSOption

WithIdentity sets the identity of the server or client which will be presented to its peer upon connection.

func WithInternalServiceDefaults

func WithInternalServiceDefaults() TLSOption

WithInternalServiceDefaults modifies a *tls.Config so that it is suitable for use on communication links between internal services. It is not guaranteed to be suitable for communication with external services, because it enforces a strict set of acceptable standards that external peers may not support.

The standards were taken from the "Consolidated Remarks" internal document from Pivotal.

Note: the cipher suites chosen here are deliberately restrictive and include no ECDSA-signed suites, so an ECC (ECDSA) key cannot be used as the identity together with this option; use an RSA key.

func WithPivotalDefaults deprecated

func WithPivotalDefaults() TLSOption

WithPivotalDefaults is the same as WithInternalServiceDefaults and is only provided for backwards compatibility. These configuration options are now used beyond just Pivotal.

Deprecated: Use WithInternalServiceDefaults() instead.
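The following is an added example and is not code from the tlsconfig package or from this page. It re-creates the option pattern documented above with the same signatures (Build, Config.Server, Config.Client, WithInternalServiceDefaults, WithIdentity, WithClientAuthentication, WithAuthority) so that it runs without importing the package, and then exercises the resulting configurations with real TLS handshakes over an in-memory pipe. What each option sets on the *tls.Config (TLS 1.2 with RSA-only ECDHE suites, RootCAs on the client, ClientCAs plus RequireAndVerifyClientCert on the server) is this example's assumption about the package's behaviour, not a statement of its implementation. The throwaway certificate authority, the names server.internal and client.internal, and the helpers issue, handshake and Scenarios are all constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Option types with the package's documented signatures; the bodies below are this
// example's assumptions about what each option sets, not the package's own code.
type (
	TLSOption    func(*tls.Config)
	ServerOption func(*tls.Config)
	ClientOption func(*tls.Config)
	Config       struct{ opts []TLSOption }
)

// apply runs options in order: a later option silently overrides an earlier one.
func apply[O ~func(*tls.Config)](cfg *tls.Config, opts []O) *tls.Config {
	for _, o := range opts {
		o(cfg)
	}
	return cfg
}

func Build(opts ...TLSOption) Config                      { return Config{opts: opts} }
func (c Config) Server(opts ...ServerOption) *tls.Config { return apply(apply(&tls.Config{}, c.opts), opts) }
func (c Config) Client(opts ...ClientOption) *tls.Config { return apply(apply(&tls.Config{}, c.opts), opts) }

// Assumed defaults: TLS 1.2 only with RSA-signed ECDHE AEAD suites, hence no ECDSA identities.
// (Go ignores CipherSuites under TLS 1.3, so raising MaxVersion would silently lift that limit.)
func WithInternalServiceDefaults() TLSOption {
	return func(c *tls.Config) {
		c.MinVersion, c.MaxVersion = tls.VersionTLS12, tls.VersionTLS12
		c.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
	}
}
func WithIdentity(cert tls.Certificate) TLSOption {
	return func(c *tls.Config) { c.Certificates = []tls.Certificate{cert} }
}

// Server side of mutual TLS: require a client certificate that chains to the pool.
func WithClientAuthentication(authority *x509.CertPool) ServerOption {
	return func(c *tls.Config) { c.ClientCAs, c.ClientAuth = authority, tls.RequireAndVerifyClientCert }
}

// Client side: trust only server certificates that chain to the pool.
func WithAuthority(authority *x509.CertPool) ClientOption {
	return func(c *tls.Config) { c.RootCAs = authority }
}

// issue mints an RSA key and a certificate for it signed by parent (nil parent: self-signed CA).
// This is a throwaway PKI constructed for the example; real deployments load key material from files.
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (tls.Certificate, *x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, key
}

// handshake runs one TLS handshake over an in-memory pipe and reports each side's error.
func handshake(server, client *tls.Config) (serverErr, clientErr error) {
	sc, cc := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- tls.Server(sc, server).Handshake() }()
	clientErr = tls.Client(cc, client).Handshake()
	cc.Close() // unblocks the server if it is still waiting on this side
	return <-done, clientErr
}

// Scenarios wires an internal service and two callers, one of which forgot WithIdentity:
// mutual TLS must succeed and the anonymous caller must be refused by the server.
func Scenarios() (mutualOK, anonymousRejected bool) {
	_, ca, caKey := issue("internal-ca", nil, nil)
	srvID, _, _ := issue("server.internal", ca, caKey)
	cliID, _, _ := issue("client.internal", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	server := Build(WithInternalServiceDefaults(), WithIdentity(srvID)).Server(WithClientAuthentication(pool))
	client := Build(WithInternalServiceDefaults(), WithIdentity(cliID)).Client(WithAuthority(pool))
	anon := Build(WithInternalServiceDefaults()).Client(WithAuthority(pool))
	client.ServerName, anon.ServerName = "server.internal", "server.internal"
	sErr, cErr := handshake(server, client)
	mutualOK = sErr == nil && cErr == nil
	sErr, _ = handshake(server, anon)
	anonymousRejected = sErr != nil
	return mutualOK, anonymousRejected
}

func main() { fmt.Println(Scenarios()) }
```

Scenarios returns (true, true): the mutually authenticated handshake completes, and the caller built without WithIdentity is refused by the server, which is what WithClientAuthentication is meant to guarantee. Because options are plain functions applied in order, appending an option that resets ClientAuth or Certificates after these would change the outcome without any error, which is the ordering caveat in the Client and Server docs above.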
