package klient
import (
	"crypto/tls"
	"errors"

	"github.com/twmb/tlscfg"
)
// TLSConfig contains options for TLS authentication.
//
// The three fields are file paths; nothing is read until Generate is called.
type TLSConfig struct {
	// CertFile is the path to the client's TLS certificate.
	// Should be used together with KeyFile: the pair is only loaded when
	// both are set.
	CertFile string `cfg:"cert_file"`
	// KeyFile is the path to the client's TLS private key.
	// Should be used together with CertFile: the pair is only loaded when
	// both are set.
	KeyFile string `cfg:"key_file"`
	// CAFile is the path to a CA certificate used to verify the server.
	// The host's system root pool is always loaded by Generate; when CAFile
	// is set it is added as well.
	// NOTE(review): because the system pool is still loaded, setting CAFile
	// does not restrict trust to that CA alone — confirm against tlscfg if
	// pinning to a private CA is the intent.
	CAFile string `cfg:"ca_file"`
}
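// Generate returns a tls.Config built from the TLSConfig.
//
// The host's system root pool is always loaded, so an empty TLSConfig still
// produces a config (it is not nil) that verifies servers against the system
// roots. CAFile, when set, is loaded in addition. CertFile and KeyFile are
// loaded as the client key pair when both are set; setting exactly one of
// them is reported as an error instead of silently producing a config without
// client authentication.
//
// Errors from reading or parsing any of the files are returned by tlscfg.New.
func (t TLSConfig) Generate() (*tls.Config, error) {
	// A half-specified key pair is a misconfiguration: ignoring it would
	// quietly drop client authentication, so fail loudly instead.
	if (t.CertFile == "") != (t.KeyFile == "") {
		return nil, errors.New("tls: cert_file and key_file must both be set or both be empty")
	}

	opts := make([]tlscfg.Opt, 0, 3)
	if t.CertFile != "" {
		opts = append(opts, tlscfg.WithDiskKeyPair(t.CertFile, t.KeyFile))
	}
	// The system pool is always the base trust store; a CAFile is added on
	// top of it rather than replacing it.
	opts = append(opts, tlscfg.WithSystemCertPool())
	if t.CAFile != "" {
		opts = append(opts, tlscfg.WithDiskCA(t.CAFile, tlscfg.ForClient))
	}
	return tlscfg.New(opts...)
}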