-
Notifications
You must be signed in to change notification settings - Fork 83
/
tls.go
113 lines (94 loc) · 3.46 KB
/
tls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package telnet
import (
"crypto/tls"
"net"
)
// ListenAndServeTLS acts identically to ListenAndServe, except that it
// uses the TELNET protocol over TLS.
//
// From a TELNET protocol point-of-view, it allows for 'secured telnet', also known as TELNETS,
// which by default listens to port 992.
//
// Of course, this port can be overridden using the 'addr' argument.
//
// For a very simple example:
//
// package main
//
// import (
// "github.com/reiver/go-telnet"
// )
//
// func main() {
//
// //@TODO: In your code, you would probably want to use a different handler.
// var handler telnet.Handler = telnet.EchoHandler
//
// err := telnet.ListenAndServeTLS(":5555", "cert.pem", "key.pem", handler)
// if nil != err {
// //@TODO: Handle this error better.
// panic(err)
// }
// }
func ListenAndServeTLS(addr string, certFile string, keyFile string, handler Handler) error {
server := &Server{Addr: addr, Handler: handler}
return server.ListenAndServeTLS(certFile, keyFile)
}
// ListenAndServeTLS acts identically to ListenAndServe, except that it
// uses the TELNET protocol over TLS.
//
// From a TELNET protocol point-of-view, it allows for 'secured telnet', also known as TELNETS,
// which by default listens to port 992.
func (server *Server) ListenAndServeTLS(certFile string, keyFile string) error {
addr := server.Addr
if "" == addr {
addr = ":telnets"
}
listener, err := net.Listen("tcp", addr)
if nil != err {
return err
}
// Apparently have to make a copy of the TLS config this way, rather than by
// simple assignment, to prevent some unexported fields from being copied over.
//
// It would be nice if tls.Config had a method that would do this "safely".
// (I.e., what happens if in the future more exported fields are added to
// tls.Config?)
var tlsConfig *tls.Config = nil
if nil == server.TLSConfig {
tlsConfig = &tls.Config{}
} else {
tlsConfig = &tls.Config{
Rand: server.TLSConfig.Rand,
Time: server.TLSConfig.Time,
Certificates: server.TLSConfig.Certificates,
NameToCertificate: server.TLSConfig.NameToCertificate,
GetCertificate: server.TLSConfig.GetCertificate,
RootCAs: server.TLSConfig.RootCAs,
NextProtos: server.TLSConfig.NextProtos,
ServerName: server.TLSConfig.ServerName,
ClientAuth: server.TLSConfig.ClientAuth,
ClientCAs: server.TLSConfig.ClientCAs,
InsecureSkipVerify: server.TLSConfig.InsecureSkipVerify,
CipherSuites: server.TLSConfig.CipherSuites,
PreferServerCipherSuites: server.TLSConfig.PreferServerCipherSuites,
SessionTicketsDisabled: server.TLSConfig.SessionTicketsDisabled,
SessionTicketKey: server.TLSConfig.SessionTicketKey,
ClientSessionCache: server.TLSConfig.ClientSessionCache,
MinVersion: server.TLSConfig.MinVersion,
MaxVersion: server.TLSConfig.MaxVersion,
CurvePreferences: server.TLSConfig.CurvePreferences,
}
}
tlsConfigHasCertificate := len(tlsConfig.Certificates) > 0 || nil != tlsConfig.GetCertificate
if "" == certFile || "" == keyFile || !tlsConfigHasCertificate {
tlsConfig.Certificates = make([]tls.Certificate, 1)
var err error
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if nil != err {
return err
}
}
tlsListener := tls.NewListener(listener, tlsConfig)
return server.Serve(tlsListener)
}