abdollar/gist:fccae96bb22c12568d9d

## gistfile1.go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"io"
	"io/ioutil"
	"log"
	"net/http"
)

func HelloServer(w http.ResponseWriter, req *http.Request) {
	io.WriteString(w, "hello, world!\n")
}

func main() {
	http.HandleFunc("/hello", HelloServer)

	caCert, err := ioutil.ReadFile("../secure-client/selfsigned.crt")
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	// Setup HTTPS client
	tlsConfig := &tls.Config{
		ClientCAs: caCertPool,
		// NoClientCert
		// RequestClientCert
		// RequireAnyClientCert
		// VerifyClientCertIfGiven
		// RequireAndVerifyClientCert
		ClientAuth: tls.RequireAndVerifyClientCert,
	}
	tlsConfig.BuildNameToCertificate()

	server := &http.Server{
		Addr:      ":8080",
		TLSConfig: tlsConfig,
	}

	server.ListenAndServeTLS("selfsigned.crt", "selfsigned.key") //private cert
}
	package main

	import (
	"crypto/tls"
	"crypto/x509"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	)

	func HelloServer(w http.ResponseWriter, req *http.Request) {
	io.WriteString(w, "hello, world!\n")
	}

	func main() {
	http.HandleFunc("/hello", HelloServer)

	caCert, err := ioutil.ReadFile("../secure-client/selfsigned.crt")
	if err != nil {
	log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	// Setup HTTPS client
	tlsConfig := &tls.Config{
	ClientCAs: caCertPool,
	// NoClientCert
	// RequestClientCert
	// RequireAnyClientCert
	// VerifyClientCertIfGiven
	// RequireAndVerifyClientCert
	ClientAuth: tls.RequireAndVerifyClientCert,
	}
	tlsConfig.BuildNameToCertificate()

	server := &http.Server{
	Addr: ":8080",
	TLSConfig: tlsConfig,
	}

	server.ListenAndServeTLS("selfsigned.crt", "selfsigned.key") //private cert
	}