summaryrefslogtreecommitdiff
path: root/vendor/github.com/docker/go-connections/tlsconfig
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2019-01-08 14:52:57 +0100
committerValentin Rothberg <rothberg@redhat.com>2019-01-11 13:38:11 +0100
commitbd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87 (patch)
tree5f06e4e289f16d9164d692590a3fe6541b5384cf /vendor/github.com/docker/go-connections/tlsconfig
parent545f24421247c9f6251a634764db3f8f8070a812 (diff)
downloadpodman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.gz
podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.bz2
podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.zip
vendor: update everything
* If possible, update each dependency to the latest available version. * Use releases over commit IDs and avoid vendoring branches. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/docker/go-connections/tlsconfig')
-rw-r--r--vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go1
-rw-r--r--vendor/github.com/docker/go-connections/tlsconfig/config.go26
2 files changed, 18 insertions, 9 deletions
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go b/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go
index 9ca974539..1ff81c333 100644
--- a/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go
+++ b/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go
@@ -4,7 +4,6 @@ package tlsconfig
import (
"crypto/x509"
-
)
// SystemCertPool returns an new empty cert pool,
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config.go b/vendor/github.com/docker/go-connections/tlsconfig/config.go
index 1b31bbb8b..0ef3fdcb4 100644
--- a/vendor/github.com/docker/go-connections/tlsconfig/config.go
+++ b/vendor/github.com/docker/go-connections/tlsconfig/config.go
@@ -46,8 +46,6 @@ var acceptedCBCCiphers = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
}
// DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls
@@ -65,22 +63,34 @@ var allTLSVersions = map[uint16]struct{}{
}
// ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
-func ServerDefault() *tls.Config {
- return &tls.Config{
- // Avoid fallback to SSL protocols < TLS1.0
- MinVersion: tls.VersionTLS10,
+func ServerDefault(ops ...func(*tls.Config)) *tls.Config {
+ tlsconfig := &tls.Config{
+ // Avoid fallback by default to SSL protocols < TLS1.2
+ MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
CipherSuites: DefaultServerAcceptedCiphers,
}
+
+ for _, op := range ops {
+ op(tlsconfig)
+ }
+
+ return tlsconfig
}
// ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.
-func ClientDefault() *tls.Config {
- return &tls.Config{
+func ClientDefault(ops ...func(*tls.Config)) *tls.Config {
+ tlsconfig := &tls.Config{
// Prefer TLS1.2 as the client minimum
MinVersion: tls.VersionTLS12,
CipherSuites: clientCipherSuites,
}
+
+ for _, op := range ops {
+ op(tlsconfig)
+ }
+
+ return tlsconfig
}
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.