@lufia
Last active August 21, 2018 13:34
Retrieve a certificate
package main
import (
"context"
"crypto/tls"
"flag"
"io"
"log"
"net/http"
"net/url"
"os"
"github.com/lufia/httpclientutil"
"golang.org/x/crypto/acme/autocert"
)
// flagDir names the directory handed to autocert.DirCache in main. The ACME
// account key and the issued certificates' private keys are cached there, so
// it should point at a location only the operating user can read.
var flagDir = flag.String("dir", ".", "certificate cache dir")

// flagDomain is the single host name that main allows certificates to be
// requested for, and also the host the program connects to at the end.
var flagDomain = flag.String("dom", "example.com", "domain")
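// main starts autocert-backed listeners on :http and :https for the host
// given by -dom, then makes one HTTPS request to that host with an RSA-only
// client. The request makes the Manager obtain a certificate (or load it
// from the -dir cache), and the response body is copied to standard output.
//
// NOTE(review): neither the servers nor the client set timeouts. That is
// tolerable for a short-lived tool, but both listeners are reachable from
// the network while it runs.
func main() {
	flag.Parse()
	log.SetFlags(0)

	m := &autocert.Manager{
		Cache:  autocert.DirCache(*flagDir),
		Prompt: autocert.AcceptTOS,
		// Restricting issuance to one host keeps arbitrary SNI names from
		// triggering certificate requests against the ACME account.
		HostPolicy: autocert.HostWhitelist(*flagDomain),
		// Deprecated and no longer has any effect: the Manager picks the key
		// type from what the connecting client advertises. Kept so the
		// original intent (an RSA certificate) stays visible.
		ForceRSA: true,
	}

	// Port 80 serves ACME HTTP-01 challenges. A failure here used to be
	// dropped silently; report it so a failed bind can be diagnosed.
	go func() {
		if err := http.ListenAndServe(":http", m.HTTPHandler(nil)); err != nil {
			log.Println("http listener:", err)
		}
	}()

	s := &http.Server{
		Addr: ":https",
		TLSConfig: &tls.Config{
			GetCertificate: m.GetCertificate,
			// Refuse legacy protocol versions on the public listener. The
			// client below still connects, since it can negotiate TLS 1.2.
			MinVersion: tls.VersionTLS12,
		},
	}
	go func() {
		// http.ErrServerClosed is the normal result of the Shutdown call at
		// the end of main; anything else is a real failure.
		if err := s.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
			log.Println("https listener:", err)
		}
	}()

	// Plan 9 does not support ECDSA, so the client offers only RSA suites.
	// These are static-RSA key exchange with CBC (no forward secrecy) and
	// exist here purely for that compatibility; do not copy them into
	// general-purpose clients. CipherSuites applies to TLS 1.2 and earlier
	// only.
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			CipherSuites: []uint16{
				tls.TLS_RSA_WITH_AES_256_CBC_SHA,
				tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
			},
		},
	}
	// Use a dedicated client rather than replacing http.DefaultClient's
	// transport, so the weakened cipher list cannot leak into any other
	// code that shares the default client.
	client := &http.Client{
		Transport: &httpclientutil.RetriableTransport{
			Transport: tr,
		},
	}

	var u url.URL
	u.Scheme = "https"
	u.Host = *flagDomain
	resp, err := client.Get(u.String())
	if err != nil {
		log.Fatalln(err)
	}
	_, err = io.Copy(os.Stdout, resp.Body)
	resp.Body.Close()
	if err != nil {
		log.Fatalln(err)
	}

	if err := s.Shutdown(context.Background()); err != nil {
		log.Println("shutdown:", err)
	}
}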