@kidoman
Created December 14, 2014 19:48
Using custom certificates with AppEngine
package main
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
"net/http"
"appengine"
"appengine/socket"
)
// tlsConfig is the package-level TLS client configuration. It is assigned
// once in init and read by client as the transport's TLSClientConfig.
var tlsConfig *tls.Config
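// init builds the package-level tlsConfig from three PEM files: the client
// certificate, its private key, and the CA bundle used to verify the server.
//
// The paths are relative, so they resolve against the process working
// directory. Any missing or unparsable file panics at start-up, so the
// program never runs with a partially built TLS configuration.
func init() {
	const (
		certFile = "cert.pem"
		// keyFile holds the client's private key. Keep it out of version
		// control and limit who can read the deployed files.
		keyFile = "key.pem"
		caFile  = "ca.pem"
	)

	// Client certificate and key, presented when the server requests
	// client authentication.
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		// Name the files so a start-up failure is diagnosable; only the
		// file names and the loader's error text are included.
		panic("loading key pair " + certFile + ", " + keyFile + ": " + err.Error())
	}

	ca, err := ioutil.ReadFile(caFile)
	if err != nil {
		panic("reading " + caFile + ": " + err.Error())
	}

	// A dedicated pool rather than the system roots: only server
	// certificates that chain to caFile are accepted.
	cpool := x509.NewCertPool()
	if !cpool.AppendCertsFromPEM(ca) {
		panic("could not append certs from pem")
	}

	tlsConfig = &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      cpool,
		// Set an explicit protocol floor instead of inheriting the
		// runtime's default minimum, which on older Go releases allows
		// obsolete protocol versions.
		// NOTE(review): assumes the remote endpoint supports TLS 1.2; confirm
		// before deploying.
		MinVersion: tls.VersionTLS12,
	}
}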
// client returns an HTTP client whose transport uses the package-level
// tlsConfig and dials through the App Engine socket API for the given
// request context.
//
// NOTE(review): as shown, the declared result type is *docker.Client, but the
// value returned is an *http.Client and no docker package is imported, so the
// listing does not compile as-is. Presumably the HTTP client was meant to be
// handed to a docker client constructor; confirm against the full source.
func client(c appengine.Context) *docker.Client {
	dial := func(network, addr string) (net.Conn, error) {
		// Outside the dev server, connections go through the App Engine
		// socket API bound to this request's context.
		if !appengine.IsDevAppServer() {
			return socket.Dial(c, network, addr)
		}
		// Works around a bug with socket.Dial in the dev environment.
		// See: https://code.google.com/p/googleappengine/issues/detail?id=11076
		return net.Dial(network, addr)
	}

	transport := &http.Transport{
		TLSClientConfig: tlsConfig,
		Dial:            dial,
	}

	httpClient := &http.Client{Transport: transport}
	return httpClient
}