Add support for client-side certificates
This commit is contained in:
adnano
parent
fd74b8fbe9
commit
cc06e65b41
25
client.go
25
client.go
|
|
@ -16,7 +16,19 @@ var (
|
|||
|
||||
// Client is a Gemini client.
|
||||
type Client struct {
|
||||
TLSConfig *tls.Config // TODO: Client certificate support
|
||||
// The client's TLS configuration.
|
||||
// To use a client-side certificate, provide it here.
|
||||
//
|
||||
// Example:
|
||||
//
|
||||
// config := tls.Config{}
|
||||
// cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
|
||||
// if err != nil {
|
||||
// panic(err)
|
||||
// }
|
||||
// config.Certificates = append(config.Certificates, cert)
|
||||
//
|
||||
TLSConfig tls.Config
|
||||
}
|
||||
|
||||
// Request makes a request for the provided URL. The host is inferred from the URL.
|
||||
|
|
@ -83,12 +95,11 @@ func (c *Client) Do(req *Request) (*Response, error) {
|
|||
host += ":1965"
|
||||
}
|
||||
|
||||
config := &tls.Config{
|
||||
// Allow self-signed certificates
|
||||
// TODO: Trust on first use
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
conn, err := tls.Dial("tcp", host, config)
|
||||
// Allow self signed certificates
|
||||
config := c.TLSConfig
|
||||
config.InsecureSkipVerify = true
|
||||
|
||||
conn, err := tls.Dial("tcp", host, &config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
2
example/client/.gitignore
vendored
Normal file
2
example/client/.gitignore
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
client.crt
|
||||
client.key
|
||||
|
|
@ -4,14 +4,33 @@ package main
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"git.sr.ht/~adnano/go-gemini"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"git.sr.ht/~adnano/go-gemini"
|
||||
)
|
||||
|
||||
var client gemini.Client
|
||||
|
||||
func init() {
|
||||
// Configure a client side certificate.
|
||||
// To generate a certificate, run:
|
||||
//
|
||||
// openssl genrsa -out client.key 2048
|
||||
// openssl ecparam -genkey -name secp384r1 -out client.key
|
||||
// openssl req -new -x509 -sha256 -key client.key -out client.crt -days 3650
|
||||
//
|
||||
config := tls.Config{}
|
||||
cert, err := tls.LoadX509KeyPair("example/client/client.crt", "example/client/client.key")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
config.Certificates = append(config.Certificates, cert)
|
||||
client.TLSConfig = config
|
||||
}
|
||||
|
||||
func makeRequest(url string) {
|
||||
resp, err := client.Request(url)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ func main() {
|
|||
// openssl ecparam -genkey -name secp384r1 -out server.key
|
||||
// openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
||||
//
|
||||
config := &tls.Config{}
|
||||
config := tls.Config{}
|
||||
cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ func (r *Response) Write(w io.Writer) {
|
|||
// Server is a Gemini server.
|
||||
type Server struct {
|
||||
Addr string
|
||||
TLSConfig *tls.Config
|
||||
TLSConfig tls.Config
|
||||
Handler Handler
|
||||
}
|
||||
|
||||
|
|
@ -79,7 +79,7 @@ func (s *Server) ListenAndServe() error {
|
|||
}
|
||||
defer ln.Close()
|
||||
|
||||
tlsListener := tls.NewListener(ln, s.TLSConfig)
|
||||
tlsListener := tls.NewListener(ln, &s.TLSConfig)
|
||||
return s.Serve(tlsListener)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user