@muromec
Created March 21, 2013 10:56
Simple mutual-TLS (client-certificate) server in Go
package main;
import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"log"
	"net"
	"os"
	"time"
)
// Shared TLS state. Both values are written once at startup (caPool by
// load_ca, tlsConf by load_cert) and only read afterwards, by every
// connLoop goroutine.
var (
	caPool  *x509.CertPool // trust anchors that client certificates must chain to
	tlsConf tls.Config     // server-side configuration handed to tls.Server
)
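// connLoop serves one accepted TCP connection: it wraps conn in TLS using the
// package-level tlsConf, runs the handshake (which, with
// RequireAndVerifyClientCert, also authenticates the client against caPool),
// logs the client's CN, and then logs every line received until the peer
// closes or a read fails. The connection is closed on every return path.
func connLoop(conn net.Conn) {
	// Bound the handshake so a peer that connects and then goes silent cannot
	// pin this goroutine and its file descriptor forever.
	const handshakeTimeout = 10 * time.Second

	sconn := tls.Server(conn, &tlsConf)
	// Closing the *tls.Conn sends close_notify and then closes conn; closing
	// the raw conn would skip the TLS shutdown.
	defer sconn.Close()

	if err := conn.SetDeadline(time.Now().Add(handshakeTimeout)); err != nil {
		log.Printf("set handshake deadline: %v", err)
		return
	}
	if err := sconn.Handshake(); err != nil {
		log.Printf("ssl failed %s", err)
		return
	}
	// The read loop below is intentionally unbounded, so lift the deadline.
	if err := conn.SetDeadline(time.Time{}); err != nil {
		log.Printf("clear deadline: %v", err)
		return
	}

	state := sconn.ConnectionState()
	// PeerCertificates is only guaranteed non-empty while tlsConf demands a
	// client certificate. Indexing it blindly would panic, and an unrecovered
	// panic in this goroutine takes the whole server down.
	if len(state.PeerCertificates) == 0 {
		log.Printf("no client certificate presented; closing")
		return
	}
	// %q, not %s: the CN is chosen by the certificate holder, so escape it to
	// keep newlines and control characters out of the log stream.
	log.Printf("connected CN: %q", state.PeerCertificates[0].Subject.CommonName)

	reader := bufio.NewReader(sconn)
	for {
		line, isPrefix, err := reader.ReadLine()
		if err != nil {
			// io.EOF is the normal end of a session; anything else is a real
			// read failure. Either way the cause is worth logging.
			log.Printf("read error: %v", err)
			break
		}
		// isPrefix is a bool (line exceeded the buffer); %d is a vet error.
		log.Printf("line[%t]: %s", isPrefix, line)
	}
}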
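// load_ca reads the CA certificate(s) in cert/ca.cert into the package-level
// caPool. load_cert installs that pool as ClientCAs with
// RequireAndVerifyClientCert, so every client certificate must chain to it.
// Any failure is fatal (log.Panic): serving without a trust anchor is not a
// degraded mode, it is a broken one.
func load_ca() {
	// Read the whole file. A fixed 2048-byte buffer silently truncates a
	// larger PEM (or a bundle of several CAs), and an Open failure must be
	// reported rather than surfacing later as a confusing read error.
	data, err := os.ReadFile("cert/ca.cert")
	if err != nil {
		log.Panicf("cannot read CA: %v", err)
	}
	caPool = x509.NewCertPool()
	// AppendCertsFromPEM is false only if not a single certificate parsed; a
	// bundle with one malformed entry still returns true.
	if !caPool.AppendCertsFromPEM(data) {
		log.Panic("cannot append CA to pool")
	}
}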
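// load_cert loads the server certificate and key from cert/ and builds the
// package-level tlsConf used by connLoop. The configuration requires and
// verifies a client certificate against caPool (mutual TLS), so load_ca must
// run first. A load failure is fatal: logging and returning would leave a zero
// tls.Config behind, so the listener stays up looking healthy while every
// handshake fails for lack of a certificate.
func load_cert() {
	cert, err := tls.LoadX509KeyPair("cert/cert.pem", "cert/key.pem")
	if err != nil {
		log.Fatalf("failed to read cert: %v", err)
	}
	tlsConf = tls.Config{
		Certificates: []tls.Certificate{cert},
		// Mutual TLS: the handshake fails unless the client presents a
		// certificate that chains to ClientCAs.
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  caPool,
		// Refuse TLS 1.0/1.1 explicitly; older Go releases let a server
		// negotiate TLS 1.0 when MinVersion was left at its zero value.
		MinVersion: tls.VersionTLS12,
	}
	// Config.ServerName is a client-side field (SNI / hostname verification)
	// and is ignored by tls.Server, so it is deliberately not set here.
}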
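// main loads the trust anchor and the server credential, then accepts TCP
// connections on :5061 forever, serving each in its own connLoop goroutine.
// load_ca must precede load_cert because load_cert captures caPool.
func main() {
	log.Printf("hello go!")
	load_ca()
	load_cert()

	ln, err := net.Listen("tcp", ":5061")
	if err != nil {
		log.Fatalf("listen failed: %v", err)
	}

	// Pause briefly after a failed Accept instead of retrying immediately: a
	// persistent failure (e.g. out of file descriptors) would otherwise become
	// a busy loop that floods the log.
	const acceptBackoff = 100 * time.Millisecond
	for {
		conn, err := ln.Accept()
		if err != nil {
			log.Printf("failed to accept: %v", err)
			time.Sleep(acceptBackoff)
			continue
		}
		go connLoop(conn)
	}
}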