-
Notifications
You must be signed in to change notification settings - Fork 1
/
tls.go
38 lines (32 loc) · 933 Bytes
/
tls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package options
import (
"crypto/tls"
"crypto/x509"
"fmt"
"os"
)
type TLSOptions struct {
Enabled bool
Ca string
Cert string
Key string
}
func loadTLSCerts(tlsOptions TLSOptions) (*x509.CertPool, []tls.Certificate, error) {
// Load certificate of the CA who signed console/server's certificate
pemCA, err := os.ReadFile(tlsOptions.Ca)
if err != nil {
return nil, nil, fmt.Errorf("unable to open CA cert '%s':\n\t%w", tlsOptions.Ca, err)
}
certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM(pemCA) {
return nil, nil, fmt.Errorf("failed to add CA's certificate to cert pool")
}
// Load console/server's certificate and private key
cert, err := tls.LoadX509KeyPair(tlsOptions.Cert, tlsOptions.Key)
if err != nil {
return nil, nil, fmt.Errorf("unable to open cert/key '%s / %s':\n\t%w",
tlsOptions.Cert,
tlsOptions.Key, err)
}
return certPool, []tls.Certificate{cert}, nil
}