Example #1
0
// Listen for incoming node connections, which are sent on the given channel.
// RemoteCerts must be setup by this point.
func Listen(addr string, ch chan<- *tls.Conn) {

	config := new(tls.Config)
	config.Certificates = []tls.Certificate{Cert}
	config.AuthenticateClient = true

	listener, err := tls.Listen("tcp", addr, config)
	if err != nil {
		panic(err)
	}

	for {
		conn, err := listener.Accept()
		if err != nil {
			panic(err)
		}
		tlsConn := conn.(*tls.Conn)

		err = tlsConn.Handshake()
		if err != nil {
			println(err.Error())
			tlsConn.Close()
			continue
		}

		ch <- tlsConn
	}
}
Example #2
0
func NewTLSListener(port int) (rl *tls.Listener) {
	rl = nil

	// Load the certificate
	pemBytes, err := ioutil.ReadFile("grumble.crt")
	if err != nil {
		log.Printf("Failed to read server.crt: %s", err)
		return
	}

	// Decode the certificate
	cert, _ := pem.Decode(pemBytes)
	if cert == nil {
		log.Printf("Failed to parse server.crt")
		return
	}

	// Load the private key
	keyBytes, err := ioutil.ReadFile("grumble.key")
	if err != nil {
		log.Printf("Failed to read server.key.insecure: %s", err)
		return
	}

	// Decode the private key
	pkPEM, _ := pem.Decode(keyBytes)
	if pkPEM == nil {
		log.Printf("Failed to parse server.key.insecure: %s", err)
		return
	}

	// Determine if we are an RSA private key
	if pkPEM.Type != "RSA PRIVATE KEY" {
		log.Printf("server.key.insecure is not an RSA private key. Found '%s'",
			pkPEM.Type)
		return
	}

	// Check if the PEM file has headers. This will typically
	// mean that it requires a passphrase to decrypt it. For now,
	// let us just assume that people will decrypt them for us, so
	// we can use them without too much work.
	if len(pkPEM.Headers) != 0 {
		log.Printf("server.key.insecure has headers and is probably encrypted.")
		return
	}

	// Parse the PKCS12 private key.
	priv, err := x509.ParsePKCS1PrivateKey(pkPEM.Bytes)
	if err != nil {
		log.Printf("Invalid key in server.key.insecure: %s", err)
		return
	}

	// Create a new TLS config.
	config := new(tls.Config)
	config.Rand = rand.Reader
	config.Time = time.Seconds
	config.Certificates = make([]tls.Certificate, 1)
	config.Certificates[0].Certificate = [][]byte{cert.Bytes}
	config.Certificates[0].PrivateKey = priv
	config.AuthenticateClient = true

	l, err := net.ListenTCP("tcp", &net.TCPAddr{
		net.ParseIP("0.0.0.0"),
		port,
	})
	if err != nil {
		log.Printf("Cannot bind: %s\n", err)
		return
	}

	rl = tls.NewListener(l, config)

	return
}