Commit 99d258a2 authored by Russ Cox's avatar Russ Cox

crypto/tls: good defaults

R=agl1
CC=golang-dev
https://golang.org/cl/851041
parent 6c196015
...@@ -5,9 +5,13 @@ ...@@ -5,9 +5,13 @@
package tls package tls
import ( import (
"crypto/rand"
"crypto/rsa" "crypto/rsa"
"io" "io"
"io/ioutil"
"once"
"os" "os"
"time"
) )
const ( const (
...@@ -130,3 +134,38 @@ func (nop) Sum() []byte { return nil } ...@@ -130,3 +134,38 @@ func (nop) Sum() []byte { return nil }
func (nop) Reset() {} func (nop) Reset() {}
func (nop) Size() int { return 0 } func (nop) Size() int { return 0 }
// The defaultConfig is used in place of a nil *Config in the TLS server and client.
var varDefaultConfig *Config
func defaultConfig() *Config {
once.Do(initDefaultConfig)
return varDefaultConfig
}
// Possible certificate files; stop after finding one.
// On OS X we should really be using the Directory Services keychain
// but that requires a lot of Mach goo to get at. Instead we use
// the same root set that curl uses.
var certFiles = []string{
"/etc/ssl/certs/ca-certificates.crt", // Linux etc
"/usr/share/curl/curl-ca-bundle.crt", // OS X
}
func initDefaultConfig() {
roots := NewCASet()
for _, file := range certFiles {
data, err := ioutil.ReadFile(file)
if err == nil {
roots.SetFromPEM(data)
break
}
}
varDefaultConfig = &Config{
Rand: rand.Reader,
Time: time.Seconds,
RootCAs: roots,
}
}
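Review bot: initDefaultConfig breaks out of the certFiles loop as soon as a file is readable, without checking whether roots.SetFromPEM actually parsed anything from it, and when no candidate file is readable the loop falls through and the default Config is built with an empty root set with no indication anywhere. If SetFromPEM reports whether it parsed a certificate, using that result to decide when to stop would avoid committing to an empty or unparseable bundle: `if err == nil && roots.SetFromPEM(data) { break }` (if it returns nothing, a check on the resulting set's size would serve the same purpose). A missing root bundle will otherwise surface only later as certificate verification failures on the client side, which is hard to trace back to this loop. The comment on defaultConfig could also say that the root set comes from the first readable entry in certFiles and may be empty on hosts that have neither file.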
...@@ -125,6 +125,9 @@ type handshaker interface { ...@@ -125,6 +125,9 @@ type handshaker interface {
// Server establishes a secure connection over the given connection and acts // Server establishes a secure connection over the given connection and acts
// as a TLS server. // as a TLS server.
func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn { func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn {
if config == nil {
config = defaultConfig()
}
tls := new(Conn) tls := new(Conn)
tls.Conn = conn tls.Conn = conn
...@@ -167,7 +170,6 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) { ...@@ -167,7 +170,6 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) {
if err != nil { if err != nil {
return return
} }
c = Server(c, l.config) c = Server(c, l.config)
return return
} }
...@@ -179,8 +181,27 @@ func (l *Listener) Addr() net.Addr { return l.listener.Addr() } ...@@ -179,8 +181,27 @@ func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
// NewListener creates a Listener which accepts connections from an inner // NewListener creates a Listener which accepts connections from an inner
// Listener and wraps each connection with Server. // Listener and wraps each connection with Server.
func NewListener(listener net.Listener, config *Config) (l *Listener) { func NewListener(listener net.Listener, config *Config) (l *Listener) {
if config == nil {
config = defaultConfig()
}
l = new(Listener) l = new(Listener)
l.listener = listener l.listener = listener
l.config = config l.config = config
return return
} }
func Listen(network, laddr string) (net.Listener, os.Error) {
l, err := net.Listen(network, laddr)
if err != nil {
return nil, err
}
return NewListener(l, nil), nil
}
func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
c, err := net.Dial(network, laddr, raddr)
if err != nil {
return nil, err
}
return Client(c, nil), nil
}
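Review bot: Listen and Dial are new exported functions with no doc comments, and Listen in particular needs one because the default Config it falls back to (built in common.go with only Rand, Time and RootCAs) contains no Certificates, so a listener created this way has no server certificate to present unless the server handshake obtains one elsewhere. Suggested comments: `// Listen creates a TLS listener accepting connections on the given network address using net.Listen; it uses the default Config, which carries no server certificate, so servers that must present one should use NewListener with an explicit Config.` and `// Dial connects to the given network address using net.Dial and then initiates a TLS handshake with the default Config, returning the resulting TLS connection.` The remark about the missing certificate is inferred from the defaults visible in this commit; adjust it if the server side sources a certificate some other way.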