// InitServerCert initializes a PK + cert for use by a server proxy, signed by // the CA certificate. We always generate a new certificate just in case. func (ctx *CertContext) InitServerCert(host string) (err error) { if ctx.PK, err = keyman.LoadPKFromFile(ctx.PKFile); err != nil { if os.IsNotExist(err) { fmt.Printf("Creating new PK at: %s\n", ctx.PKFile) if ctx.PK, err = keyman.GeneratePK(2048); err != nil { return } if err = ctx.PK.WriteToFile(ctx.PKFile); err != nil { return fmt.Errorf("Unable to save private key: %s\n", err) } } else { return fmt.Errorf("Unable to read private key, even though it exists: %s\n", err) } } fmt.Printf("Creating new server cert at: %s\n", ctx.ServerCertFile) ctx.ServerCert, err = ctx.PK.TLSCertificateFor("Lantern", host, tenYearsFromToday, true, nil) if err != nil { return } err = ctx.ServerCert.WriteToFile(ctx.ServerCertFile) if err != nil { return } return nil }
func startHttpsServer(t *testing.T) { if httpsAddr != "" { return } var err error pk, err = keyman.GeneratePK(2048) if err != nil { t.Fatalf("Unable to generate key: %s", err) } // Generate self-signed certificate cert, err = pk.TLSCertificateFor("tlsdialer", "localhost", time.Now().Add(1*time.Hour), true, nil) if err != nil { t.Fatalf("Unable to generate cert: %s", err) } keypair, err := tls.X509KeyPair(cert.PEMEncoded(), pk.PEMEncoded()) if err != nil { t.Fatalf("Unable to generate x509 key pair: %s", err) } l, err := tls.Listen("tcp", "localhost:0", &tls.Config{ Certificates: []tls.Certificate{keypair}, }) if err != nil { t.Fatalf("HTTP unable to listen: %v", err) } httpsAddr = l.Addr().String() doStartServer(t, l) }
func init() { pk, err := keyman.GeneratePK(2048) if err != nil { log.Fatalf("Unable to generate key: %s", err) } // Generate self-signed certificate cert, err = pk.TLSCertificateFor("tlsdialer", "localhost", time.Now().Add(1*time.Hour), true, nil) if err != nil { log.Fatalf("Unable to generate cert: %s", err) } keypair, err := tls.X509KeyPair(cert.PEMEncoded(), pk.PEMEncoded()) if err != nil { log.Fatalf("Unable to generate x509 key pair: %s", err) } listener, err := tls.Listen("tcp", ADDR, &tls.Config{ Certificates: []tls.Certificate{keypair}, }) if err != nil { log.Fatalf("Unable to listen: %s", err) } go func() { for { conn, err := listener.Accept() if err != nil { log.Fatalf("Unable to accept: %s", err) } go func() { tlsConn := conn.(*tls.Conn) // Discard this error, since we will use it for testing _ = tlsConn.Handshake() serverName := tlsConn.ConnectionState().ServerName if err := conn.Close(); err != nil { log.Fatalf("Unable to close connection: %v", err) } receivedServerNames <- serverName }() } }() }