Add preliminary CertificateStore API
This commit is contained in:
parent
872f6e2683
commit
6458420454
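--- a/client.go
+++ b/client.go
@@ -170,6 +170,13 @@ type Client struct {
 // KnownHosts is a list of known hosts that the client trusts.
 KnownHosts *KnownHosts
 
+// CertificateStore contains all the certificates that the client has stored.
+CertificateStore *CertificateStore
+
+// GetCertificate, if not nil, will be called to determine which certificate
+// (if any) should be used for a request.
+GetCertificate func(req *Request, store *CertificateStore) *tls.Certificate
+
 // TrustCertificate, if not nil, will be called to determine whether the
 // client should trust the given certificate.
 // If error is not nil, the connection will be aborted.
@@ -183,6 +190,14 @@ func (c *Client) Send(req *Request) (*Response, error) {
 InsecureSkipVerify: true,
 MinVersion: tls.VersionTLS12,
 Certificates: []tls.Certificate{req.Certificate},
+GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+if c.GetCertificate != nil {
+if cert := c.GetCertificate(req, c.CertificateStore); cert != nil {
+return cert, nil
+}
+}
+return &req.Certificate, nil
+},
 VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
 // Parse the certificate
 cert, err := x509.ParseCertificate(rawCerts[0])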
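Review bot: Once GetClientCertificate is set on a tls.Config, crypto/tls ignores the Certificates field on the client side, so the `Certificates: []tls.Certificate{req.Certificate},` line directly above the new callback is now dead and should be dropped rather than left looking like it still selects the certificate. The callback also hands c.CertificateStore straight to the hook, and that field is nil for a zero-value Client, so the GetCertificate doc comment in the first hunk should add `// The store argument is nil if the client has no CertificateStore.` so hook authors check before calling Get. The unconditional `return &req.Certificate, nil` is acceptable because an empty tls.Certificate makes crypto/tls send no client certificate, but that is non-obvious and deserves a one-line comment. The tls.Config literal and Send continue outside the hunk.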
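--- /dev/null
+++ b/store.go
@@ -0,0 +1,24 @@
+package gemini
+
+import (
+"crypto/x509"
+)
+
+// CertificateStore maps hostnames to certificates.
+type CertificateStore struct {
+store map[string]*x509.Certificate // map of hostnames to certificates
+}
+
+func NewCertificateStore() *CertificateStore {
+return &CertificateStore{
+store: map[string]*x509.Certificate{},
+}
+}
+
+func (c *CertificateStore) Put(hostname string, cert *x509.Certificate) {
+c.store[hostname] = cert
+}
+
+func (c *CertificateStore) Get(hostname string) *x509.Certificate {
+return c.store[hostname]
+}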
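Review bot: Put writes to c.store without ever initializing it, so a CertificateStore that was not built with NewCertificateStore (a `var s CertificateStore` zero value) panics on the first Put while Get silently returns nil; either document on the type that NewCertificateStore is required, or make the zero value usable by starting Put with `if c.store == nil {` / `c.store = map[string]*x509.Certificate{}` / `}`. The map has no lock, and because the store is passed into the TLS handshake callback in client.go, two goroutines sharing one Client could race on Put and Get if they both touch the store; if concurrent use is intended, a sync.RWMutex guarding the map in Put and Get is the usual fix. NewCertificateStore, Put and Get are exported and need doc comments starting with their names. The store holds *x509.Certificate, which carries no private key, so the Client.GetCertificate hook that receives it cannot derive its *tls.Certificate return value from the store alone; the CertificateStore comment should state which certificates (presumably peer certificates) it is meant to hold.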