BuildTLSConfig builds tls.Config from TLS configuration.
(acm *autocert.Manager)
| 351 | |
| 352 | // BuildTLSConfig builds tls.Config from TLS configuration. |
| 353 | func (c *TLS) BuildTLSConfig(acm *autocert.Manager) (*tls.Config, error) { |
| 354 | tlsCfg := tls.Config{ |
| 355 | PreferServerCipherSuites: true, |
| 356 | MinVersion: tls.VersionTLS12, |
| 357 | CurvePreferences: []tls.CurveID{ |
| 358 | tls.CurveP256, |
| 359 | tls.X25519, |
| 360 | }, |
| 361 | InsecureSkipVerify: c.InsecureSkipVerify, // nolint: gosec |
| 362 | } |
| 363 | if len(c.KeyFile) > 0 && len(c.CertFile) > 0 { |
| 364 | cert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile) |
| 365 | if err != nil { |
| 366 | return nil, fmt.Errorf("cannot load cert for `cert_file`=%q, `key_file`=%q: %w", |
| 367 | c.CertFile, c.KeyFile, err) |
| 368 | } |
| 369 | tlsCfg.Certificates = []tls.Certificate{cert} |
| 370 | } else if acm != nil { |
| 371 | tlsCfg.GetCertificate = acm.GetCertificate |
| 372 | } |
| 373 | |
| 374 | return &tlsCfg, nil |
| 375 | } |
| 376 | |
| 377 | // HTTPS describes configuration for server to listen HTTPS connections |
| 378 | // It can be autocert with letsencrypt |
no outgoing calls