muromec/tls_server.go

## tls_server.go
package main;

import ("log"; "os"; "net"; "bufio";"crypto/tls";"crypto/x509")

var caPool *x509.CertPool;
var tlsConf tls.Config;

func connLoop(conn net.Conn) {
    sconn := tls.Server(conn, &tlsConf);
    err := sconn.Handshake();

    if(err != nil) {
        log.Printf("ssl failed %s", err);
        conn.Close();
        return;
    }

    state := sconn.ConnectionState()
    log.Printf("connected CN: %s", state.PeerCertificates[0].Subject.CommonName)

    reader := bufio.NewReader(sconn)
    for {
        line, isPrefix, err := reader.ReadLine()
        if(err != nil) {
            log.Printf("read error");
            break;
        }
        log.Printf("line[%d]: %s", isPrefix, line);
    }
    conn.Close();
}

func load_ca() {
    file, err := os.Open("cert/ca.cert")
    data := make([]byte, 2048)
    _, err = file.Read(data)
    if(err != nil) {
        log.Panic("cannot read CA")
        return;
    }

    caPool = x509.NewCertPool()
    caOk := caPool.AppendCertsFromPEM(data)
    if(!caOk) {
        log.Panic("cannot append CA to pool")
    }
}

func load_cert() {
    cert, err := tls.LoadX509KeyPair("cert/cert.pem", "cert/key.pem")
    if(err != nil) {
        log.Printf("failed to read cert");
        return;
    }

    tlsConf = tls.Config{ServerName: "texr",
        Certificates: []tls.Certificate{cert},
        ClientAuth:tls.RequireAndVerifyClientCert,
        ClientCAs: caPool,
    }
}

func main() {
    log.Printf("hello go!");
    load_ca();
    load_cert();

    ln, err := net.Listen("tcp", ":5061")
    if(err != nil) {
        log.Fatal("listen failed")
    }
    for {
        conn, err := ln.Accept()
        if(err != nil) {
            log.Print("failed to accept");
            continue;
        }
        go connLoop(conn)

    }
}
	package main;

	import ("log"; "os"; "net"; "bufio";"crypto/tls";"crypto/x509")

	var caPool *x509.CertPool;
	var tlsConf tls.Config;

	func connLoop(conn net.Conn) {
	sconn := tls.Server(conn, &tlsConf);
	err := sconn.Handshake();

	if(err != nil) {
	log.Printf("ssl failed %s", err);
	conn.Close();
	return;
	}

	state := sconn.ConnectionState()
	log.Printf("connected CN: %s", state.PeerCertificates[0].Subject.CommonName)

	reader := bufio.NewReader(sconn)
	for {
	line, isPrefix, err := reader.ReadLine()
	if(err != nil) {
	log.Printf("read error");
	break;
	}
	log.Printf("line[%d]: %s", isPrefix, line);
	}
	conn.Close();
	}

	func load_ca() {
	file, err := os.Open("cert/ca.cert")
	data := make([]byte, 2048)
	_, err = file.Read(data)
	if(err != nil) {
	log.Panic("cannot read CA")
	return;
	}

	caPool = x509.NewCertPool()
	caOk := caPool.AppendCertsFromPEM(data)
	if(!caOk) {
	log.Panic("cannot append CA to pool")
	}
	}

	func load_cert() {
	cert, err := tls.LoadX509KeyPair("cert/cert.pem", "cert/key.pem")
	if(err != nil) {
	log.Printf("failed to read cert");
	return;
	}

	tlsConf = tls.Config{ServerName: "texr",
	Certificates: []tls.Certificate{cert},
	ClientAuth:tls.RequireAndVerifyClientCert,
	ClientCAs: caPool,
	}
	}

	func main() {
	log.Printf("hello go!");
	load_ca();
	load_cert();

	ln, err := net.Listen("tcp", ":5061")
	if(err != nil) {
	log.Fatal("listen failed")
	}
	for {
	conn, err := ln.Accept()
	if(err != nil) {
	log.Print("failed to accept");
	continue;
	}
	go connLoop(conn)

	}
	}