Add support for client-side certificates

This commit is contained in:
adnano 2020-09-21 18:21:42 -04:00
parent fd74b8fbe9
commit cc06e65b41
5 changed files with 43 additions and 11 deletions


@ -16,7 +16,19 @@ var (
// Client is a Gemini client. // Client is a Gemini client.
type Client struct { type Client struct {
TLSConfig *tls.Config // TODO: Client certificate support // The client's TLS configuration.
// To use a client-side certificate, provide it here.
//
// Example:
//
// config := tls.Config{}
// cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
// if err != nil {
// panic(err)
// }
// config.Certificates = append(config.Certificates, cert)
//
TLSConfig tls.Config
} }
// Request makes a request for the provided URL. The host is inferred from the URL. // Request makes a request for the provided URL. The host is inferred from the URL.
@ -83,12 +95,11 @@ func (c *Client) Do(req *Request) (*Response, error) {
host += ":1965" host += ":1965"
} }
config := &tls.Config{ // Allow self signed certificates
// Allow self-signed certificates config := c.TLSConfig
// TODO: Trust on first use config.InsecureSkipVerify = true
InsecureSkipVerify: true,
} conn, err := tls.Dial("tcp", host, &config)
conn, err := tls.Dial("tcp", host, config)
if err != nil { if err != nil {
return nil, err return nil, err
} }
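Review bot: `config := c.TLSConfig` in Do copies a tls.Config by value; tls.Config carries internal state (a mutex and session-ticket keys) and go vet's copylocks check flags this, so take the copy with `config := c.TLSConfig.Clone()` and pass it as `tls.Dial("tcp", host, config)`. Setting `config.InsecureSkipVerify = true` on every request also discards any RootCAs or VerifyPeerCertificate the caller placed in TLSConfig, so the new field comment should state that this client does not verify server certificates (the old "TODO: Trust on first use" reminder disappears with the rewrite). The example in the TLSConfig doc comment loads `example/server/server.crt`, which looks copied from the server example; the matching client example uses `example/client/client.crt` and `client.key`. Do's body continues outside the hunk.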

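--- /dev/null
+++ b/example/client/.gitignore
@@ -0,0 +1,2 @@
+client.crt
+client.key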


@ -4,14 +4,33 @@ package main
import ( import (
"bufio" "bufio"
"crypto/tls"
"fmt" "fmt"
"git.sr.ht/~adnano/go-gemini"
"log" "log"
"os" "os"
"git.sr.ht/~adnano/go-gemini"
) )
var client gemini.Client var client gemini.Client
func init() {
// Configure a client side certificate.
// To generate a certificate, run:
//
// openssl genrsa -out client.key 2048
// openssl ecparam -genkey -name secp384r1 -out client.key
// openssl req -new -x509 -sha256 -key client.key -out client.crt -days 3650
//
config := tls.Config{}
cert, err := tls.LoadX509KeyPair("example/client/client.crt", "example/client/client.key")
if err != nil {
log.Fatal(err)
}
config.Certificates = append(config.Certificates, cert)
client.TLSConfig = config
}
func makeRequest(url string) { func makeRequest(url string) {
resp, err := client.Request(url) resp, err := client.Request(url)
if err != nil { if err != nil {
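Review bot: The generation recipe in the init comment lists both `openssl genrsa -out client.key 2048` and `openssl ecparam -genkey -name secp384r1 -out client.key`, which write the same file, so the RSA key is overwritten and only the EC key is ever used; keep one line, as the server example does with only the ecparam command. Loading the certificate in `init()` and calling log.Fatal aborts the program before main runs when the files are missing, which is presumably intended for an example, but doing the setup at the top of main() would keep the side effect where a reader expects it. The relative paths `example/client/client.crt` and `example/client/client.key` assume the program is started from the repository root, which is worth a sentence in the comment. makeRequest continues outside the hunk.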


@ -17,7 +17,7 @@ func main() {
// openssl ecparam -genkey -name secp384r1 -out server.key // openssl ecparam -genkey -name secp384r1 -out server.key
// openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 // openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
// //
config := &tls.Config{} config := tls.Config{}
cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key") cert, err := tls.LoadX509KeyPair("example/server/server.crt", "example/server/server.key")
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)


@ -62,7 +62,7 @@ func (r *Response) Write(w io.Writer) {
// Server is a Gemini server. // Server is a Gemini server.
type Server struct { type Server struct {
Addr string Addr string
TLSConfig *tls.Config TLSConfig tls.Config
Handler Handler Handler Handler
} }
@ -79,7 +79,7 @@ func (s *Server) ListenAndServe() error {
} }
defer ln.Close() defer ln.Close()
tlsListener := tls.NewListener(ln, s.TLSConfig) tlsListener := tls.NewListener(ln, &s.TLSConfig)
return s.Serve(tlsListener) return s.Serve(tlsListener)
} }
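Review bot: With `TLSConfig tls.Config` held by value, ListenAndServe hands `&s.TLSConfig` to tls.NewListener, so the TLS stack mutates the config in place and any copy of a Server (including passing one by value) trips go vet's copylocks check. A field comment such as `// TLSConfig is used in place by ListenAndServe and must not be modified or copied once serving has started.` would make that contract visible; the same caveat applies to Client.TLSConfig in client.go. ListenAndServe's body starts outside the hunk.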