Remove decrypt option (#14)

go-chassis · Aug 16, 2021 · 871e6de · 871e6de
1 parent 7f4d2b2
commit 871e6de
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/tlsutil/option.go b/tlsutil/option.go
@@ -29,7 +29,6 @@ type TLSOptions struct {
 	CertFile       string
 	KeyFile        string
 	KeyPassphase   string
-	Decrypt        Decrypt
 }
 
 type TLSOption func(*TLSOptions)
@@ -40,11 +39,10 @@ func WithCipherSuits(s []uint16) TLSOption { return func(c *TLSOptions) { c.Ciph
 func WithVersion(min, max uint16) TLSOption {
 	return func(c *TLSOptions) { c.MinVersion, c.MaxVersion = min, max }
 }
-func WithCert(f string) TLSOption     { return func(c *TLSOptions) { c.CertFile = f } }
-func WithKey(k string) TLSOption      { return func(c *TLSOptions) { c.KeyFile = k } }
-func WithKeyPass(p string) TLSOption  { return func(c *TLSOptions) { c.KeyPassphase = p } }
-func WithCA(f string) TLSOption       { return func(c *TLSOptions) { c.CACertFile = f } }
-func WithDecrypt(f Decrypt) TLSOption { return func(c *TLSOptions) { c.Decrypt = f } }
+func WithCert(f string) TLSOption    { return func(c *TLSOptions) { c.CertFile = f } }
+func WithKey(k string) TLSOption     { return func(c *TLSOptions) { c.KeyFile = k } }
+func WithKeyPass(p string) TLSOption { return func(c *TLSOptions) { c.KeyPassphase = p } }
+func WithCA(f string) TLSOption      { return func(c *TLSOptions) { c.CACertFile = f } }
 
 func toTLSOptions(opts ...TLSOption) (op TLSOptions) {
 	for _, opt := range opts {
@@ -58,6 +56,7 @@ func DefaultClientTLSOptions() []TLSOption {
 		WithVerifyPeer(true),
 		WithVerifyHostName(true),
 		WithVersion(tls.VersionTLS12, MaxSupportedTLSVersion),
+		WithCipherSuits(TLSCipherSuits()),
 	}
 }
 

diff --git a/tlsutil/tlsutil.go b/tlsutil/tlsutil.go
@@ -128,7 +128,7 @@ func GetClientTLSConfig(ops ...TLSOption) (tlsConfig *tls.Config, err error) {
 	}
 
 	if len(opts.CertFile) > 0 {
-		certs, err = LoadTLSCertificate(opts.CertFile, opts.KeyFile, opts.KeyPassphase, opts.Decrypt)
+		certs, err = LoadTLSCertificate(opts.CertFile, opts.KeyFile, opts.KeyPassphase, nil)
 		if err != nil {
 			return nil, err
 		}
@@ -161,7 +161,7 @@ func GetServerTLSConfig(ops ...TLSOption) (tlsConfig *tls.Config, err error) {
 
 	var certs []tls.Certificate
 	if len(opts.CertFile) > 0 {
-		certs, err = LoadTLSCertificate(opts.CertFile, opts.KeyFile, opts.KeyPassphase, opts.Decrypt)
+		certs, err = LoadTLSCertificate(opts.CertFile, opts.KeyFile, opts.KeyPassphase, nil)
 		if err != nil {
 			return nil, err
 		}