rtls

package
v0.0.67

This package is not in the latest version of its module.

Published: Mar 21, 2024 License: Apache-2.0, MIT Imports: 11 Imported by: 0

Documentation

Constants

const (
	NoCACert     = ""
	NoServerName = ""
)

Variables

This section is empty.

Functions

func CreateClientConfig

func CreateClientConfig(certFile, keyFile, caCertFile, serverName string, noverify bool) (*tls.Config, error)

CreateClientConfig creates a new tls.Config for use by a client. The certFile and keyFile parameters are the paths to the client's certificate and key files, which will be used to authenticate the client to the server if mutual TLS is active. The caCertFile parameter is the path to the CA certificate file, which the client will use to verify any certificate presented by the server. serverName can also be set, informing the client which hostname should appear in the returned certificate. If noverify is true, the client will not verify the server's certificate.

func CreateServerConfig

func CreateServerConfig(certFile, keyFile, caCertFile string, mtls MTLSState) (*tls.Config, error)

CreateServerConfig creates a new tls.Config for use by a server. The certFile and keyFile parameters are the paths to the server's certificate and key files, which will be used to authenticate the server to the client. The caCertFile parameter is the path to the CA certificate file, which the server will use to verify any certificate presented by the client. If mtls is MTLSStateEnabled, the server will require the client to present a valid certificate.

func GenerateCACert

func GenerateCACert(subject pkix.Name, validFor time.Duration, keySize int) ([]byte, []byte, error)

GenerateCACert generates a new CA certificate and returns the cert and key as PEM-encoded bytes.

func GenerateCert

func GenerateCert(subject pkix.Name, validFor time.Duration, keySize int, parent *x509.Certificate, parentKey interface{}) ([]byte, []byte, error)

GenerateCert generates a new x509 certificate and returns the cert and key as PEM-encoded bytes. It takes a subject, a validity period, and a key size, and optionally a parent certificate and key. If a parent certificate and key are provided, the new certificate is signed by the parent; otherwise it is self-signed.

func GenerateCertIPSAN

func GenerateCertIPSAN(subject pkix.Name, validFor time.Duration, keySize int, parent *x509.Certificate, parentKey interface{}, san net.IP) ([]byte, []byte, error)

func GenerateSelfSignedCert

func GenerateSelfSignedCert(subject pkix.Name, validFor time.Duration, keySize int) ([]byte, []byte, error)

GenerateSelfSignedCert generates a new self-signed certificate and returns the cert and key as PEM-encoded bytes.

func GenerateSelfSignedCertIPSAN

func GenerateSelfSignedCertIPSAN(subject pkix.Name, validFor time.Duration, keySize int, san net.IP) ([]byte, []byte, error)

GenerateSelfSignedCertIPSAN generates a new self-signed certificate and returns the cert and key as PEM-encoded bytes.

Types

type MTLSState

type MTLSState tls.ClientAuthType

MTLSState indicates whether mutual TLS is enabled or disabled.

const (
	MTLSStateDisabled MTLSState = MTLSState(tls.NoClientCert)
	MTLSStateEnabled  MTLSState = MTLSState(tls.RequireAndVerifyClientCert)
)
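
The behaviour described for CreateServerConfig, CreateClientConfig and the two MTLSState values, as an added example that is not this package's code: it sets up tls.Config values from the standard library the way those descriptions read and runs the handshake in memory. issue and Handshake are hypothetical helpers, the certificates are constructed, and Ed25519 keys stand in for the key-size-based keys the page's generators produce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue is a hypothetical stand-in for GenerateCertIPSAN; a nil parent yields a self-signed CA.
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // assumption: Ed25519 for speed, not a sized key
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Handshake (hypothetical) returns the server-side result; tickets are off so net.Pipe carries handshake messages only.
func Handshake(auth tls.ClientAuthType, presentCert bool) error {
	ca := issue("constructed CA", nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	client := &tls.Config{RootCAs: pool, ServerName: "127.0.0.1"} // name is matched against the IP SAN
	if presentCert {
		client.Certificates = []tls.Certificate{issue("client", &ca)}
	}
	server := &tls.Config{Certificates: []tls.Certificate{issue("server", &ca)}, ClientCAs: pool, ClientAuth: auth, SessionTicketsDisabled: true}
	c, s := net.Pipe()
	defer s.Close()
	go func() { tls.Client(c, client).Read(make([]byte, 1)); c.Close() }() // Read handshakes, then waits for the verdict
	return tls.Server(s, server).Handshake()
}

func main() { fmt.Println(Handshake(tls.RequireAndVerifyClientCert, false)) }
```

With tls.RequireAndVerifyClientCert (the value MTLSStateEnabled wraps) the handshake succeeds only when the client presents a certificate signed by the CA; with tls.NoClientCert (MTLSStateDisabled) it succeeds without one.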
