GreenCoast/internal/federation/tls.go

package federation
import (
"crypto/tls"
"crypto/x509"
"os"
)
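// ServerTLSConfig builds the server-side TLS configuration for a listener
// that requires mutual TLS.
//
// certFile and keyFile are the PEM-encoded server certificate and private key.
// clientCAFile is a PEM bundle of the CA certificates that client certificates
// must chain to.
//
// The returned config accepts TLS 1.3 only and rejects any connection that
// does not present a client certificate verifying against clientCAFile. It
// returns an error if the key pair cannot be loaded, if clientCAFile cannot be
// read, or if clientCAFile contains no parsable certificate.
//
// NOTE(review): chain verification alone admits every certificate issued by
// the configured CA(s); if only specific peers may connect, the caller
// presumably has to check the verified peer identity separately. Confirm
// against the handlers that use this config.
func ServerTLSConfig(certFile, keyFile, clientCAFile string) (*tls.Config, error) {
	// Server identity presented to connecting peers.
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}

	// Trust anchors used to verify client certificates (mTLS).
	caPEM, err := os.ReadFile(clientCAFile)
	if err != nil {
		return nil, err
	}

	clientCAs := x509.NewCertPool()
	if !clientCAs.AppendCertsFromPEM(caPEM) {
		// err is nil here because ReadFile succeeded, so returning it would
		// hand the caller (nil, nil). A caller that only checks err would then
		// carry a nil *tls.Config, i.e. no client-certificate requirement at
		// all. Fail closed with an explicit error instead.
		return nil, &os.PathError{
			Op:   "parse client CA certificates",
			Path: clientCAFile,
			Err:  os.ErrInvalid,
		}
	}

	return &tls.Config{
		MinVersion:   tls.VersionTLS13,
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
	}, nil
}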