func (s *StartTLSElement) Handle(st stream.ServerStream, opts features.Options) error {
conf := opts.(*startTLSConf)
cert, err := tls.LoadX509KeyPair(conf.PEMPath, conf.KeyPath)
if err != nil {
log.Println("Could not load keys:", err)
return err
}
config := &tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.VerifyClientCertIfGiven,
Rand: rand.Reader,
}
err = st.UpdateRW(func(srwc io.ReadWriteCloser) (io.ReadWriteCloser, error) {
if conn, ok := srwc.(net.Conn); ok {
tls_conn := tls.Server(conn, config)
// Once we inialized - let client proceed
if err := st.WriteElement(&ProceedElement{}); err != nil {
return nil, err
}
// Now do a handshake
if err := tls_conn.Handshake(); err != nil {
log.Println("TLS Handshake error:", err)
return nil, err
}
return tls_conn, nil
}
return nil, errors.New("Wrong ReadWriteCloser, expected connection")
})
if err != nil {
log.Println("Could not replace connection", err)
return err
}
state := NewStartTLSState()
state.Started = true
st.State().Push(state)
st.ReOpen()
return nil
}
