Last active
March 17, 2023 19:29
-
-
Save jrick/35949f48e8c9334e796016c3cfe1e332 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "crypto/x509" | |
| "flag" | |
| "fmt" | |
| "io" | |
| "os" | |
| ) | |
| var ( | |
| clientCertFile = flag.String("clientcert", "client.cert", "client certificate") | |
| clientKeyFile = flag.String("clientkey", "client.key", "client key") | |
| serverCertFile = flag.String("servercert", "server.cert", "server certificate") | |
| serverAddress = flag.String("connect", "127.0.0.1:12345", "server address") | |
| ) | |
| func main() { | |
| flag.Parse() | |
| keyPair, err := tls.LoadX509KeyPair(*clientCertFile, *clientKeyFile) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, err) | |
| os.Exit(1) | |
| } | |
| cafile, err := os.ReadFile(*serverCertFile) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "can't read server cert:", err) | |
| os.Exit(1) | |
| } | |
| serverCAs := x509.NewCertPool() | |
| if !serverCAs.AppendCertsFromPEM(cafile) { | |
| fmt.Fprintln(os.Stderr, "no server certificates found") | |
| os.Exit(1) | |
| } | |
| tc := &tls.Config{ | |
| Certificates: []tls.Certificate{keyPair}, | |
| MinVersion: tls.VersionTLS12, | |
| RootCAs: serverCAs, | |
| } | |
| conn, err := tls.Dial("tcp", *serverAddress, tc) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "dial:", err) | |
| os.Exit(1) | |
| } | |
| _, err = io.Copy(conn, os.Stdin) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "write:", err) | |
| os.Exit(1) | |
| } | |
| conn.Close() | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ go build client.go | |
| $ go build server.go | |
| $ gencerts client.{cert,key} | |
| $ gencerts -L server.{cert,key} | |
| $ ./server & | |
| [1] 62778 | |
| $ echo hello | ./client | |
| hello | |
| $ fg | |
| ./server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "crypto/x509" | |
| "flag" | |
| "fmt" | |
| "io" | |
| "os" | |
| ) | |
| var ( | |
| clientCertFile = flag.String("clientcert", "client.cert", "client certificate") | |
| serverCertFile = flag.String("servercert", "server.cert", "server certificate") | |
| serverKeyFile = flag.String("serverkey", "server.key", "server key") | |
| listenAddress = flag.String("listen", ":12345", "listen address") | |
| ) | |
| func main() { | |
| flag.Parse() | |
| keyPair, err := tls.LoadX509KeyPair(*serverCertFile, *serverKeyFile) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, err) | |
| os.Exit(1) | |
| } | |
| cafile, err := os.ReadFile(*clientCertFile) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "can't read client cert:", err) | |
| os.Exit(1) | |
| } | |
| clientCAs := x509.NewCertPool() | |
| if !clientCAs.AppendCertsFromPEM(cafile) { | |
| fmt.Fprintln(os.Stderr, "no client certificates found") | |
| os.Exit(1) | |
| } | |
| tc := &tls.Config{ | |
| Certificates: []tls.Certificate{keyPair}, | |
| MinVersion: tls.VersionTLS12, | |
| ClientAuth: tls.RequireAndVerifyClientCert, | |
| ClientCAs: clientCAs, | |
| } | |
| lis, err := tls.Listen("tcp", *listenAddress, tc) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "listen:", err) | |
| os.Exit(1) | |
| } | |
| conn, err := lis.Accept() | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "accept:", err) | |
| os.Exit(1) | |
| } | |
| _, err = io.Copy(os.Stderr, conn) | |
| if err != nil { | |
| fmt.Fprintln(os.Stderr, "read:", err) | |
| os.Exit(1) | |
| } | |
| conn.Close() | |
| lis.Close() | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment