go-connections: github.com/docker/go-connections/tlsconfig

package tlsconfig

import "github.com/docker/go-connections/tlsconfig"

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config:

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Index

Package Files

certpool_go17.go config.go config_client_ciphers.go

Variables

var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

DefaultServerAcceptedCiphers should be used by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed.

func Client

func Client(options Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func ClientDefault

func ClientDefault(ops ...func(*tls.Config)) *tls.Config

ClientDefault returns a secure-enough TLS configuration for a client.

func IsErrEncryptedKey

func IsErrEncryptedKey(err error) bool

IsErrEncryptedKey returns true if 'err' is an incorrect-password error from trying to decrypt a TLS private key.

func Server

func Server(options Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

func ServerDefault

func ServerDefault(ops ...func(*tls.Config)) *tls.Config

ServerDefault returns a secure-enough TLS configuration for a server.

func SystemCertPool

func SystemCertPool() (*x509.CertPool, error)

SystemCertPool returns a copy of the system cert pool. It returns an error if the pool fails to load, or an empty pool on Windows.

type Options

type Options struct {
    CAFile string

    // If either CertFile or KeyFile is empty, Client() will not load them,
    // preventing the client from authenticating to the server.
    // However, Server() requires them and will error out if they are empty.
    CertFile string
    KeyFile  string

    // client-only option
    InsecureSkipVerify bool
    // server-only option
    ClientAuth tls.ClientAuthType
    // If ExclusiveRootPools is set, then if a CA file is provided, the root pool used for TLS
    // creds will include exclusively the roots in that CA file.  If no CA file is provided,
    // the system pool will be used.
    ExclusiveRootPools bool
    MinVersion         uint16
    // If Passphrase is set, it will be used to decrypt a TLS private key
    // if the key is encrypted
    Passphrase string
}

Options represents the information needed to create client and server TLS configurations.
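As an added example, not code from the tlsconfig package or this page, the ExclusiveRootPools and InsecureSkipVerify rules described on Options written against the standard library only: RootPool builds the root pool the way the ExclusiveRootPools comment describes it (including the empty-pool fallback SystemCertPool documents), and Trusted performs the verification a client gives up when InsecureSkipVerify is set. newCert, RootPool, Trusted and the short-lived certificates they produce are constructed for this example and are not tlsconfig APIs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a short-lived test certificate for name; with parent nil it is a self-signed CA.
func newCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if parent == nil { // self-signed CA: only it may sign the leaves below it
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// RootPool follows the ExclusiveRootPools rule (illustrative, not the package's code): a CA with exclusive
// set is the only root; otherwise the system pool is used (empty if it cannot be loaded), plus the CA if given.
func RootPool(ca *x509.Certificate, exclusive bool) *x509.CertPool {
	pool := x509.NewCertPool()
	if ca == nil || !exclusive {
		if sys, err := x509.SystemCertPool(); err == nil && sys != nil {
			pool = sys
		}
	}
	if ca != nil {
		pool.AddCert(ca)
	}
	return pool
}

// Trusted is the check a client skips when InsecureSkipVerify is true: leaf must chain to roots and name host.
func Trusted(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

With exclusive set, a leaf from an unrelated CA fails even if that CA sits in the system store, which is the property the option buys over simply appending a CA file to the system pool.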

Package tlsconfig imports 8 packages and is imported by 1780 packages. Updated 2019-02-03.