Add support for client-side certificates
This commit is contained in:
parent
fd74b8fbe9
commit
cc06e65b41
25
client.go
25
client.go
|
@ -16,7 +16,19 @@ var (
|
||||||
|
|
||||||
// Client is a Gemini client.
|
// Client is a Gemini client.
|
||||||
type Client struct {
|
type Client struct {
|
||||||
TLSConfig *tls.Config // TODO: Client certificate support
|
// The client's TLS configuration.
|
||||||
|
// To use a client-side certificate, provide it here.
|
||||||
|
//
|
||||||
|
// Example:
|
||||||
|
//
|
||||||
|
// config := tls.Config{}
|
||||||
|
// cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
|
||||||
|
// if err != nil {
|
||||||
|
// panic(err)
|
||||||
|
// }
|
||||||
|
// config.Certificates = append(config.Certificates, cert)
|
||||||
|
//
|
||||||
|
TLSConfig tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
// Request makes a request for the provided URL. The host is inferred from the URL.
|
// Request makes a request for the provided URL. The host is inferred from the URL.
|
||||||
|
@ -83,12 +95,11 @@ func (c *Client) Do(req *Request) (*Response, error) {
|
||||||
host += ":1965"
|
host += ":1965"
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &tls.Config{
|
// Allow self signed certificates
|
||||||
// Allow self-signed certificates
|
config := c.TLSConfig
|
||||||
// TODO: Trust on first use
|
config.InsecureSkipVerify = true
|
||||||
InsecureSkipVerify: true,
|
|
||||||
}
|
conn, err := tls.Dial("tcp", host, &config)
|
||||||
conn, err := tls.Dial("tcp", host, config)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
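Review bot: `config := c.TLSConfig` in the second hunk copies a `tls.Config` by value; the struct contains a mutex, so `go vet` (copylocks) flags this, and the same copy appears as `client.TLSConfig = config` in example/client/main.go and, presumably, where the `config := tls.Config{}` of example/server/main.go is assigned to the server outside its hunk. The supported way to derive a per-dial configuration is `config := c.TLSConfig.Clone()` followed by `conn, err := tls.Dial("tcp", host, config)`, which keeps the field a value while dialing from a safe copy. Note also that `config.InsecureSkipVerify = true` is applied unconditionally, so any `RootCAs` or `VerifyPeerCertificate` a caller put into `TLSConfig` is silently bypassed; the `// TODO: Trust on first use` acknowledges this, but the field doc in the first hunk should say so, e.g. `// Certificate verification is currently disabled regardless of this configuration.` The example in that doc comment loads `example/server/server.crt` for what is a client certificate; it should point at the client pair the example/client code uses. The body of Do begins before this hunk.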
2
example/client/.gitignore
vendored
Normal file
2
example/client/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
client.crt
|
||||||
|
client.key
|
|
@ -4,14 +4,33 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"git.sr.ht/~adnano/go-gemini"
|
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
"git.sr.ht/~adnano/go-gemini"
|
||||||
)
|
)
|
||||||
|
|
||||||
var client gemini.Client
|
var client gemini.Client
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
// Configure a client side certificate.
|
||||||
|
// To generate a certificate, run:
|
||||||
|
//
|
||||||
|
// openssl genrsa -out client.key 2048
|
||||||
|
// openssl ecparam -genkey -name secp384r1 -out client.key
|
||||||
|
// openssl req -new -x509 -sha256 -key client.key -out client.crt -days 3650
|
||||||
|
//
|
||||||
|
config := tls.Config{}
|
||||||
|
cert, err := tls.LoadX509KeyPair("example/client/client.crt", "example/client/client.key")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
config.Certificates = append(config.Certificates, cert)
|
||||||
|
client.TLSConfig = config
|
||||||
|
}
|
||||||
|
|
||||||
func makeRequest(url string) {
|
func makeRequest(url string) {
|
||||||
resp, err := client.Request(url)
|
resp, err := client.Request(url)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
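Review bot: The comment in `init()` lists two key-generation commands, `openssl genrsa -out client.key 2048` and `openssl ecparam -genkey -name secp384r1 -out client.key`, that both write client.key, so running them as printed overwrites the first key with the second; the server example in this commit only shows the ecparam line, so the genrsa line should be dropped or reworded as an alternative. `tls.LoadX509KeyPair("example/client/client.crt", ...)` resolves relative to the working directory, so the example only runs from the repository root, and because it is in `init()` the `log.Fatal` fires before `main` starts; a short comment such as `// Paths are relative to the repository root.` or moving this into `main` would make that visible. Both concerns are traceable to the added lines; nothing outside the hunk is affected.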
@ -17,7 +17,7 @@ func main() {
|
||||||
// openssl ecparam -genkey -name secp384r1 -out server.key
|
// openssl ecparam -genkey -name secp384r1 -out server.key
|
||||||
// openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
// openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
|
||||||
//
|
//
|
||||||
config := &tls.Config{}
|
config := tls.Config{}
|
||||||
cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
|
cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
|
|
@ -62,7 +62,7 @@ func (r *Response) Write(w io.Writer) {
|
||||||
// Server is a Gemini server.
|
// Server is a Gemini server.
|
||||||
type Server struct {
|
type Server struct {
|
||||||
Addr string
|
Addr string
|
||||||
TLSConfig *tls.Config
|
TLSConfig tls.Config
|
||||||
Handler Handler
|
Handler Handler
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ func (s *Server) ListenAndServe() error {
|
||||||
}
|
}
|
||||||
defer ln.Close()
|
defer ln.Close()
|
||||||
|
|
||||||
tlsListener := tls.NewListener(ln, s.TLSConfig)
|
tlsListener := tls.NewListener(ln, &s.TLSConfig)
|
||||||
return s.Serve(tlsListener)
|
return s.Serve(tlsListener)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
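Review bot: The `TLSConfig tls.Config` field on `Server` in the first hunk has no doc comment, while the matching `Client` field received one in this commit; something like `// TLSConfig is the TLS configuration used by ListenAndServe; it should carry the server certificate (see example/server).` would be consistent. Because the field is now a value, `tls.NewListener(ln, &s.TLSConfig)` in the second hunk hands out a pointer into the struct, so a `Server` must not be copied once it is serving; worth stating in the same comment. ListenAndServe begins outside the hunk shown.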