Golang FIPSModeSet Exemples

Langage de programmation: Golang

Espace de nommage/Pack: github.com/spacemonkeygo/openssl

Méthode/Fonction: FIPSModeSet

Exemples au hotexamples.com: 2

Golang FIPSModeSet - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de github.com/spacemonkeygo/openssl.FIPSModeSet extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Associées

NewAPIServer

Dial

NewError

PublicKey

GetEnv

Lookup

DirExists

NewRouterClient

Convlit

set_asn_u_ptr

Related in langs

create_wiz_menu_items (PHP)

edd_is_discount_started (PHP)

AddManholeTDS.AddManholeNewDataTable (C#)

RemoveAzureDataFactoryCommand (C#)

gdk_cursor_new_for_display (C++)

__debugbreak (C++)

NetworkUtils (Java)

JPanel (Java)

perform_livestatus_command (Python)

git_dir (Python)

Exemple #1

0

Afficher le fichier

Fichier : openssl_fips.go Projet : devsaurin/mongo-tools

func SetUpFIPSMode(opts *ToolOptions) error { if err := openssl.FIPSModeSet(opts.SSLFipsMode); err != nil { return fmt.Errorf("couldn't set FIPS mode to %v: %v", opts.SSLFipsMode, err) } return nil }

Exemple #2

0

Afficher le fichier

Fichier : openssl.go Projet : shelman/mongo-tools-proto

// Creates and configures an openssl.Ctx func setupCtx(opts options.ToolOptions) (*openssl.Ctx, error) { var ctx *openssl.Ctx var err error if err := openssl.FIPSModeSet(opts.SSLFipsMode); err != nil { return nil, fmt.Errorf("couldn't set FIPS mode to %v: %v", opts.SSLFipsMode, err) } if ctx, err = openssl.NewCtxWithVersion(openssl.AnyVersion); err != nil { return nil, fmt.Errorf("failure creating new openssl context with "+ "NewCtxWithVersion(AnyVersion): %v", err) } // OpAll - Activate all bug workaround options, to support buggy client SSL's. // NoSSLv2 - Disable SSL v2 support ctx.SetOptions(openssl.OpAll | openssl.NoSSLv2) // HIGH - Enable strong ciphers // !EXPORT - Disable export ciphers (40/56 bit) // !aNULL - Disable anonymous auth ciphers // @STRENGTH - Sort ciphers based on strength ctx.SetCipherList("HIGH:!EXPORT:!aNULL@STRENGTH") // add the PEM key file with the cert and private key, if specified if opts.SSLPEMKeyFile != "" { if err = ctx.UseCertificateChainFile(opts.SSLPEMKeyFile); err != nil { return nil, fmt.Errorf("UseCertificateChainFile: %v", err) } // TODO support password encrypted key files if err = ctx.UsePrivateKeyFile(opts.SSLPEMKeyFile, openssl.FiletypePEM); err != nil { return nil, fmt.Errorf("UsePrivateKeyFile: %v", err) } // Verify that the certificate and the key go together. if err = ctx.CheckPrivateKey(); err != nil { return nil, fmt.Errorf("CheckPrivateKey: %v", err) } } // If renegotiation is needed, don't return from recv() or send() until it's successful. // Note: this is for blocking sockets only. ctx.SetMode(openssl.AutoRetry) // Disable session caching (see SERVER-10261) ctx.SetSessionCacheMode(openssl.SessionCacheOff) if opts.SSLCAFile != "" { calist, err := openssl.LoadClientCAFile(opts.SSLCAFile) if err != nil { return nil, fmt.Errorf("LoadClientCAFile: %v", err) } ctx.SetClientCAList(calist) if err = ctx.LoadVerifyLocations(opts.SSLCAFile, ""); err != nil { return nil, fmt.Errorf("LoadVerifyLocations: %v", err) } var verifyOption openssl.VerifyOptions if opts.SSLAllowInvalid { verifyOption = openssl.VerifyNone } else { verifyOption = openssl.VerifyPeer } ctx.SetVerify(verifyOption, nil) } if opts.SSLCRLFile != "" { store := ctx.GetCertificateStore() store.SetFlags(openssl.CRLCheck) lookup, err := store.AddLookup(openssl.X509LookupFile()) if err != nil { return nil, fmt.Errorf("AddLookup(X509LookupFile()): %v", err) } lookup.LoadCRLFile(opts.SSLCRLFile) } return ctx, nil }