TLS util functions to help with setting up client & server TLS-based connections.
```sh
go get -u github.com/acacio/tlsutil
```
```go
import (
	"crypto/tls"

	"github.com/acacio/tlsutil"
)

// Config holds the TLS settings for a server.
type Config struct {
	TLSType       string
	VerifyClients bool
	CA            string // needed when VerifyClients is true
	Cert          string
	Key           string
}

// setupServer builds the server-side *tls.Config from cfg.
func setupServer(cfg *Config) (*tls.Config, error) {
	var tlstype string
	if cfg.VerifyClients {
		tlstype = "verify"
	} else {
		tlstype = "simple"
	}
	// Implicitly requires CA for "verify"
	return tlsutil.SetupServerTLS(tlstype, cfg.CA, cfg.Cert, cfg.Key)
}
```
With this library it is possible to set up several different TLS pairings:
| Client \ Server | No srv TLS | Certs "simple" | Certs + Client Verification "verify" |
|---|---|---|---|
| No TLS | - | N/A | N/A |
| Simple TLS "simple" | N/A | supported | N/A |
| Client Certs "certs" | N/A | supported | Server enforces Client ID (server needs CA.crt) |
| Client Certs + Server Verification "verify" | N/A | Client enforces server ID (client needs CA.crt) | Enforce Client & Server ID (both require CA.crt) |
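
The server columns of the table, exercised end to end in an added example that is not tlsutil code and uses only Go's standard `crypto/tls`. It assumes that "simple" means a server certificate with no client authentication and that "verify" means `tls.RequireAndVerifyClientCert` with the CA as `ClientCAs`. The in-memory CA, the names `demo-ca`, `server` and `client`, and the helpers `issue`, `handshake` and `demo` are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// issue builds a constructed throwaway certificate; a nil ca yields a self-signed CA.
func issue(cn string, ca *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: ca == nil}
	if ca == nil {
		ca = &tls.Certificate{Leaf: t, PrivateKey: key} // sign the template with its own key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca.Leaf, pub, ca.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs one TLS handshake over an in-memory pipe and returns the server-side result.
func handshake(srv, cli *tls.Config) error {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	go io.Copy(io.Discard, tls.Client(c, cli)) // Read drives the client handshake, then consumes any alert
	return tls.Server(s, srv).Handshake()
}

func demo() (simpleNoCert, verifyNoCert, verifyWithCert error) {
	ca := issue("demo-ca", nil)
	pool := x509.NewCertPool() // plays the role of CA.crt on both sides
	pool.AddCert(ca.Leaf)
	simple := &tls.Config{Certificates: []tls.Certificate{issue("server", &ca)}, SessionTicketsDisabled: true} // no post-handshake writes on the pipe
	verify := simple.Clone() // assumed stdlib equivalent of the "verify" server mode
	verify.ClientAuth, verify.ClientCAs = tls.RequireAndVerifyClientCert, pool
	anon := &tls.Config{RootCAs: pool, ServerName: "server"} // client checks the server, presents no certificate
	ident := &tls.Config{RootCAs: pool, ServerName: "server", Certificates: []tls.Certificate{issue("client", &ca)}}
	return handshake(simple, anon), handshake(verify, anon), handshake(verify, ident)
}

func main() { fmt.Println(demo()) }
```

Only the middle handshake fails: a "verify" server aborts when the client presents no certificate, which is the enforcement the N/A cell in that column reflects.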