Create the certificate store if it does not exist

adnano 2020-09-29 11:12:23 -04:00
parent 8facfabec5
commit fbc1f76194
5 changed files with 7 additions and 9 deletions


@ -84,12 +84,10 @@ Gemini takes advantage of client certificates for authentication.
If a server responds with `StatusCertificateRequired`, clients will generate a If a server responds with `StatusCertificateRequired`, clients will generate a
certificate for the site and resend the request with the provided certificate. certificate for the site and resend the request with the provided certificate.
The default client handles this for you. Other clients must specify the fields The default client handles this for you. Other clients must specify the field
`CertificateStore` and `GetCertificate`: `GetCertificate`:
```go ```go
// Initialize the certificate store.
client.CertificateStore = gmi.CertificateStore{}
// GetCertificate is called when a server requests a certificate. // GetCertificate is called when a server requests a certificate.
// The returned certificate, if not nil, will be used when resending the request. // The returned certificate, if not nil, will be used when resending the request.
client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate { client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate {
@ -109,7 +107,6 @@ client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.C
} }
``` ```
Servers can then authenticate their clients with the fingerprint of their Servers can then authenticate their clients with the fingerprint of their
certificates. certificates.


@ -276,6 +276,10 @@ func (c *Client) Send(req *Request) (*Response, error) {
if req.Certificate != nil { if req.Certificate != nil {
return resp, nil return resp, nil
} }
// Create the certificate store if it does not exist
if c.CertificateStore == nil {
c.CertificateStore = CertificateStore{}
}
if c.GetCertificate != nil { if c.GetCertificate != nil {
if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil { if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil {
req.Certificate = cert req.Certificate = cert
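Review bot: The nil check and assignment added to Send run without synchronisation, so two goroutines that share a Client (DefaultClient is package-level) and both receive a certificate-required response can race on `c.CertificateStore`, and on the map itself if GetCertificate writes to it. The line this commit removes from setupDefaultClient appears to have run under `setupDefaultClientOnce`, so the default client loses the once-only initialisation it had. Because the store holds the client certificates that identify the user to each host, a lost write could mean a fresh certificate, and so a different fingerprint, is presented to a server. I would create the store under a guard, for example a new `sync.Once` field on Client used as `c.storeOnce.Do(func() { if c.CertificateStore == nil { c.CertificateStore = CertificateStore{} } })`, and state in the Client doc comment whether it is safe for concurrent use. Send's body starts and ends outside the hunk, so any locking already present there is not visible.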


@ -79,7 +79,7 @@ func login(rw *gmi.ResponseWriter, req *gmi.Request) {
sessions[fingerprint] = &session{ sessions[fingerprint] = &session{
username: username, username: username,
} }
gmi.Redirect(rw, req, "/login#password") gmi.Redirect(rw, req, "/login/password")
}) })
}) })
} }


@ -48,8 +48,6 @@ func init() {
} }
return err return err
} }
client.CertificateStore = gmi.CertificateStore{}
client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate { client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate {
// If the certificate is in the store, return it // If the certificate is in the store, return it
if cert, ok := store[hostname]; ok { if cert, ok := store[hostname]; ok {


@ -76,7 +76,6 @@ func init() {
var setupDefaultClientOnce sync.Once var setupDefaultClientOnce sync.Once
func setupDefaultClient() { func setupDefaultClient() {
DefaultClient.CertificateStore = CertificateStore{}
DefaultClient.KnownHosts.Load() DefaultClient.KnownHosts.Load()
} }