Version: 0.0.0-20240712175922-ffce9516cec8
Repository: https://github.com/cloudfoundry/tlsconfig.git
Documentation: pkg.go.dev
# README
tlsconfig
tlsconfig generates shared crypto/tls configurations for internal and external-facing services in Cloud Foundry. This module is considered internal to Cloud Foundry, and does not provide any stability guarantees for external usage.
[!NOTE]
This repository should be imported as `code.cloudfoundry.org/tlsconfig`.
Contributing
See Contributing.md for more information on how to contribute.
Working Group Charter
This repository is maintained by App Runtime Platform under Diego area.
[!IMPORTANT]
Content in this file is managed by the CI task `sync-readme` and is generated by CI following a convention.
# Packages
Package certtest can be used to build a PKI for test purposes.
# Functions
Build creates a half-configured TLS configuration.
FromEmptyPool creates a PoolBuilder from an empty certificate pool.
FromSystemPool creates a PoolBuilder from the system's certificate pool.
WithAuthority makes the client verify that the server presents an identity that can be validated by the certificate pool provided.
WithAuthorityBuilder uses the passed PoolBuilder to create the certificate pool to use as the authority.
WithAuthorityFromFile makes the client verify that the server presents an identity that can be validated by the CA file provided.
WithCert will add the certificate directly to a certificate pool.
WithCertsFromFile will add all of the certificates found in a PEM-encoded file to a certificate pool.
WithClientAuthentication makes the server verify that all clients present an identity that can be validated by the certificate pool provided.
WithClientAuthenticationBuilder uses the passed PoolBuilder to create the certificate pool to use as the authority when verifying client certificates.
WithClientAuthenticationFromFile makes the server verify that all clients present an identity that can be validated by the CA file provided.
WithExternalServiceDefaults modifies a *tls.Config so that it is suitable for use in communication between clients and servers where we do not control one end of the connection.
WithIdentity sets the identity of the server or client which will be presented to its peer upon connection.
WithIdentityFromFile sets the identity of the server or client which will be presented to its peer upon connection from provided cert and key files.
WithInternalServiceDefaults modifies a *tls.Config so that it is suitable for use in communication links between internal services.
WithServerName makes the client verify the server name in the certificate presented by the server.
# Structs
Config represents a half-configured TLS configuration.
PoolBuilder is used to build a certificate pool.
# Type aliases
ClientOption can be used to configure a TLS configuration for a client.
PoolOption is a functional option type that can be used to configure a certificate pool.
ServerOption can be used to configure a TLS configuration for a server.
TLSOption can be used to configure a TLS configuration for both clients and servers.