Beispiel #1
0
func main() {
	random, _ := os.Open("/dev/urandom", os.O_RDONLY, 0)
	pembytes := readEntireFile("/home/kris/SSL/gr0g.crt")
	cert, _ := pem.Decode(pembytes)
	keybytes := readEntireFile("/home/kris/SSL/gr0g.key")
	pk, _ := pem.Decode(keybytes)

	privatekey, _ := x509.ParsePKCS1PrivateKey(pk.Bytes)

	config := new(tls.Config)
	config.Certificates = make([]tls.Certificate, 1)
	config.Certificates[0].Certificate = [][]byte{cert.Bytes}
	config.Certificates[0].PrivateKey = privatekey
	config.Rand = random
	//config.RootCAs = caset
	config.Time = time.Seconds
	listener, err := tls.Listen("tcp", "0.0.0.0:8443", config)

	fmt.Printf("%s\n", err)
	for {
		conn, _ := listener.Accept()
		go func() {
			for {
				buf := make([]byte, 1024)
				_, err := conn.Read(buf)
				if err != nil {
					return
				}
				fmt.Printf("%s", buf)
			}
		}()
	}
}
Beispiel #2
0
func main() {
	cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
	if err != nil {
		log.Fatalf("server : loadkeys :%s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader

	service := "127.0.0.1:10000"
	listener, err := tls.Listen("tcp", service, &config)
	if err != nil {
		log.Fatalf("server : listen: %s", err)
	}
	log.Print("server: listening")
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Panicf("server:accept :%s", err)
			break
		}
		log.Printf("server : accepted from %s", conn.RemoteAddr())
		go handleClient(conn)
	}
}
Beispiel #3
0
func main() {
	cert, err := tls.LoadX509KeyPair("jan.newmarch.name.pem", "private.pem")
	checkError(err)

	config := tls.Config{Certificates: []tls.Certificate{cert}}

	now := time.Now()
	config.Time = func() time.Time { return now }
	config.Rand = rand.Reader

	service := "192.168.1.105:1200"

	listenter, err := tls.Listen("tcp", service, &config)
	checkError(err)
	fmt.Println("Listening")
	for {
		conn, err := listenter.Accept()
		if err != nil {
			fmt.Println(err.Error())
			continue
		}
		fmt.Println("Accepted")
		go handleClient(conn)
	}
}
Beispiel #4
0
func GetSocket(cfg *ini.Section) (net.Conn, error) {
	var conn net.Conn
	var err error

	host := cfg.Key("host").String()
	port := cfg.Key("port").String()

	address := host + ":" + port
	if _, err = net.ResolveTCPAddr("tcp", address); err != nil {
		return nil, err
	}

	if cfg.Key("ssl").MustBool() {
		key := cfg.Key("sslcert").String()
		private := cfg.Key("sslkey").String()

		cert, err := tls.LoadX509KeyPair(key, private)
		if err != nil {
			err = errors.New("Error when loading SSL certificate: " + err.Error())
			return nil, err
		}

		caCert, err := ioutil.ReadFile(key)
		if err != nil {
			return nil, err
		}
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)

		config := tls.Config{
			RootCAs:      caCertPool,
			Certificates: []tls.Certificate{cert},
		}

		now := time.Now()
		config.Time = func() time.Time { return now }
		config.Rand = rand.Reader

		conn, err = tls.Dial("tcp", address, &config)
		if err != nil {
			return nil, err
		}

	} else {
		conn, err = net.Dial("tcp", address)
		if err != nil {
			return nil, err
		}
	}

	return conn, err
}
Beispiel #5
0
func StartListenSSL() {

	if myopt.ListenSSL == "" {
		return
	}

	var err error
	certFile := myopt.CrtFile
	keyFile := myopt.PemFile

	cert, err := tls.LoadX509KeyPair(certFile, keyFile)

	if err != nil {
		Log("LoadX509KeyPair:", myopt.PemFile, myopt.CrtFile, err)
		return
	}

	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader

	addr := myopt.ListenSSL
	lstn, err := tls.Listen("tcp", addr, &config)
	if err != nil {
		Log("Listen:", err)
		return
	}

	Log("SSL Listening on", addr)

	l := lstn
	for {
		srcConn, err := l.Accept()
		if err != nil {
			Log("SSL Accept:", err)
			break
		}
		c, err := newConn(srcConn)
		if err != nil {
			Log("SSL newConn:", err)
			continue
		}
		c.Name = "SSL " + srcConn.RemoteAddr().String()
		c.isSSL = true
		go c.serve()
	}
	return

}
Beispiel #6
0
func ListenerEnableTLS(listener net.Listener, tlsCfg *TlsCfg) net.Listener {
	//openssl genrsa -out server.key 1024
	//openssl req -new -key server.key -out csr.pem
	//openssl x509 -req -in csr.pem -signkey server.key -out cert.pem
	pwd, err := os.Getwd()
	glog.V(KGlogLevel).Infof("pwd: %v\n", pwd)
	//fmt.Printf("pwd: %v\n", pwd)
	//	cert, err := tls.LoadX509KeyPair("./src/utilx/cert.pem", "./src/utilx/server.key")
	cert, err := tls.LoadX509KeyPair(tlsCfg.Pem, tlsCfg.Key)
	if err != nil {
		glog.Fatalf("server: loadkeys: %s", err)
		//log.Fatalf("server: loadkeys: %s", err)
	}
	config := tls.Config{Certificates: []tls.Certificate{cert}}
	config.Time = time.Now
	config.Rand = rand.Reader
	listen := tls.NewListener(listener, &config)
	return listen
}
Beispiel #7
0
func tlsServe(log *logging.Logger, addr, certificate, key string) net.Listener {
	var err error
	var ln net.Listener

	log.Debug("SSL certificate: %s", certificate)
	log.Debug("SSL private key: %s", key)

	cert, err := tls.LoadX509KeyPair(certificate, key)
	if err != nil {
		log.Fatalf("Error when instantiate SSL connection: %v", err)
	}

	caCert, err := ioutil.ReadFile(certificate)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	config := tls.Config{
		ClientCAs:    caCertPool,
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.RequestClientCert,
	}

	now := time.Now()
	config.Time = func() time.Time { return now }
	config.Rand = rand.Reader

	ln, err = tls.Listen("tcp", addr, &config)
	if err != nil {
		log.Fatalf("Error when open connecting with host: %v", err)
	}

	return ln
}
Beispiel #8
0
func NewTLSListener(port int) (rl *tls.Listener) {
	rl = nil

	// Load the certificate
	pemBytes, err := ioutil.ReadFile("grumble.crt")
	if err != nil {
		log.Printf("Failed to read server.crt: %s", err)
		return
	}

	// Decode the certificate
	cert, _ := pem.Decode(pemBytes)
	if cert == nil {
		log.Printf("Failed to parse server.crt")
		return
	}

	// Load the private key
	keyBytes, err := ioutil.ReadFile("grumble.key")
	if err != nil {
		log.Printf("Failed to read server.key.insecure: %s", err)
		return
	}

	// Decode the private key
	pkPEM, _ := pem.Decode(keyBytes)
	if pkPEM == nil {
		log.Printf("Failed to parse server.key.insecure: %s", err)
		return
	}

	// Determine if we are an RSA private key
	if pkPEM.Type != "RSA PRIVATE KEY" {
		log.Printf("server.key.insecure is not an RSA private key. Found '%s'",
			pkPEM.Type)
		return
	}

	// Check if the PEM file has headers. This will typically
	// mean that it requires a passphrase to decrypt it. For now,
	// let us just assume that people will decrypt them for us, so
	// we can use them without too much work.
	if len(pkPEM.Headers) != 0 {
		log.Printf("server.key.insecure has headers and is probably encrypted.")
		return
	}

	// Parse the PKCS12 private key.
	priv, err := x509.ParsePKCS1PrivateKey(pkPEM.Bytes)
	if err != nil {
		log.Printf("Invalid key in server.key.insecure: %s", err)
		return
	}

	// Create a new TLS config.
	config := new(tls.Config)
	config.Rand = rand.Reader
	config.Time = time.Seconds
	config.Certificates = make([]tls.Certificate, 1)
	config.Certificates[0].Certificate = [][]byte{cert.Bytes}
	config.Certificates[0].PrivateKey = priv
	config.AuthenticateClient = true

	l, err := net.ListenTCP("tcp", &net.TCPAddr{
		net.ParseIP("0.0.0.0"),
		port,
	})
	if err != nil {
		log.Printf("Cannot bind: %s\n", err)
		return
	}

	rl = tls.NewListener(l, config)

	return
}