spiffe/go-spiffe

Implement tlsconfig package

azdagron opened this issue · 1 comment

The tlsconfig package contains various methods of creating/updating TLS configuration with the ability to perform SPIFFE authentication over TLS.

There are 3 primitive helper functions:

  • GetCertificate: takes an x509svid.Source and implements the GetCertificate callback for server tls.Config
  • GetClientCertificate: takes an x509svid.Source and implements the GetClientCertificate callback for client tls.Config
  • VerifyPeerCertificate: takes an x509bundle.Source and an authorizer and implements the VerifyPeerCertificate callback for both client and server tls.Config.

Along with the primitive helpers, there are a slew of functions that set up a variety of TLS configurations using the above helpers. Most of the implementation can be borrowed from the existing v1 TLS peer implementation.

The v2-api branch has scaffolding for the implementations in config.go.

This issue depends on #55 and #62.
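A worked sketch of the three primitives described in the issue, added here as an example; it is not code from go-spiffe, from the v2-api branch scaffolding, or from the v1 TLS peer implementation. `Source`, `BundleSource`, `Authorizer`, `spiffeIDFromCert`, `MTLSClientConfig` and `NewTestPKI` are names I made up for this sketch (the real `x509svid.Source` and `x509bundle.Source` interfaces are reduced to plain functions here), and the CA and leaf certificate it mints are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Hypothetical stand-ins for x509svid.Source and x509bundle.Source, reduced to functions:
// Source returns the workload's current X509-SVID, BundleSource the CA roots trusted for a
// trust domain. Authorizer is the policy hook applied to an already-authenticated SPIFFE ID.
type Source func() (*tls.Certificate, error)
type BundleSource func(trustDomain string) (*x509.CertPool, error)
type Authorizer func(id *url.URL) error

// GetCertificate and GetClientCertificate adapt a Source to the server- and
// client-side tls.Config callbacks, so a rotated SVID is used on the next handshake.
func GetCertificate(src Source) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return src() }
}
func GetClientCertificate(src Source) func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	return func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return src() }
}

// VerifyPeerCertificate authenticates the peer chain against the bundle of the trust
// domain in the leaf's SPIFFE ID (any EKU, since SVIDs serve both roles), then applies
// the authorizer. verifiedChains is ignored: the config below disables Go's own check.
func VerifyPeerCertificate(bundles BundleSource, authorize Authorizer) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("peer presented no certificate")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		id, err := spiffeIDFromCert(leaf)
		if err != nil {
			return err
		}
		roots, err := bundles(id.Host) // the trust domain is the host part of the SPIFFE ID
		if err != nil {
			return err
		}
		intermediates := x509.NewCertPool()
		for _, raw := range rawCerts[1:] {
			c, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			intermediates.AddCert(c)
		}
		opts := x509.VerifyOptions{Roots: roots, Intermediates: intermediates, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
		if _, err := leaf.Verify(opts); err != nil {
			return err
		}
		return authorize(id)
	}
}

// spiffeIDFromCert enforces the SVID rule of exactly one spiffe:// URI SAN.
func spiffeIDFromCert(c *x509.Certificate) (*url.URL, error) {
	if len(c.URIs) != 1 || c.URIs[0].Scheme != "spiffe" {
		return nil, fmt.Errorf("SVID must carry exactly one spiffe:// URI SAN, got %v", c.URIs)
	}
	return c.URIs[0], nil
}

// MTLSClientConfig wires the helpers into a client tls.Config; InsecureSkipVerify only turns off the system-root/hostname check.
func MTLSClientConfig(src Source, b BundleSource, a Authorizer) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: true,
		GetClientCertificate: GetClientCertificate(src), VerifyPeerCertificate: VerifyPeerCertificate(b, a)}
}

// NewTestPKI mints a constructed CA and a leaf SVID carrying id (test data only).
func NewTestPKI(id *url.URL) (*x509.CertPool, tls.Certificate, error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test CA"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	caCert, _ := x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), URIs: []*url.URL{id},
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}, nil
}
```

The server-side counterpart is the same shape with `ClientAuth: tls.RequireAnyClientCert`, `GetCertificate` in place of `GetClientCertificate`, and the same `VerifyPeerCertificate`. In both cases Go's built-in verification is switched off, so `verifiedChains` arrives empty and the callback has to build the chain itself from `rawCerts`, which is why it parses the intermediates rather than trusting anything the standard library pre-verified.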

Fixed in #87