Replace tlsserver.go with tls.LoadX509KeyPair.

2011-04-28 20:45:22 +02:00 · 2011-04-28 20:45:22 +02:00 · f8d511a8c3
commit f8d511a8c3
parent 560ebf2137
3 changed files with 22 additions and 95 deletions
--- a/1
+++ b/1
@ -30,7 +30,6 @@ LDFLAGS = \
 GOFILES = \
 	grumble.go \
 	message.go \
-	tlsserver.go \
 	server.go \
 	client.go \
 	channel.go \
--- a/server.go
+++ b/server.go
@ -22,6 +22,7 @@ import (
 	"gob"
 	"hash"
 	"io"
+	"path/filepath"
 	"rand"
 	"strings"
 )
@ -47,6 +48,7 @@ type Server struct {
 	address  string
 	port     int
 	udpconn  *net.UDPConn
+	tlscfg   *tls.Config
 	running  bool

 	incoming       chan *Message
@ -1091,12 +1093,28 @@ func (s *Server) ListenAndMurmur() {
 	go s.SendUDP()

 	// Create a new listening TLS socket.
-	l := NewTLSListener(s.port)
-	if l == nil {
-		log.Printf("Unable to create TLS listener")
+	cert, err := tls.LoadX509KeyPair(filepath.Join(*datadir, "cert"), filepath.Join(*datadir, "key"))
+	if err != nil {
+		log.Printf("Unable to load x509 key pair: %v", err)
 		return
 	}

+	cfg := new(tls.Config)
+	cfg.Certificates = append(cfg.Certificates, cert)
+	cfg.AuthenticateClient = true
+	s.tlscfg = cfg
+
+	tl, err := net.ListenTCP("tcp", &net.TCPAddr{
+		net.ParseIP("0.0.0.0"),
+		s.port,
+	})
+	if err != nil {
+		log.Printf("Cannot bind: %s\n", err)
+		return
+	}
+
+	listener := tls.NewListener(tl, s.tlscfg)
+
 	log.Printf("Created new Murmur instance on port %v", s.port)

 	// The main accept loop. Basically, we block
@ -1105,7 +1123,7 @@ func (s *Server) ListenAndMurmur() {
 	// a new Go-routine to handle the client.
 	for {
 		// New client connected
-		conn, err := l.Accept()
+		conn, err := listener.Accept()
 		if err != nil {
 			log.Printf("Unable to accept() new client.")
 		}
--- a/tlsserver.go
+++ b/tlsserver.go
@ -1,90 +0,0 @@
-package main
-
-import (
-	"log"
-	"time"
-	"net"
-	"crypto/tls"
-	"crypto/rand"
-	"encoding/pem"
-	"crypto/x509"
-	"io/ioutil"
-	"path/filepath"
-)
-
-func NewTLSListener(port int) (rl *tls.Listener) {
-	rl = nil
-
-	// Load the certificate
-	pemBytes, err := ioutil.ReadFile(filepath.Join(*datadir, "cert"))
-	if err != nil {
-		log.Printf("Failed to read server.crt: %s", err)
-		return
-	}
-
-	// Decode the certificate
-	cert, _ := pem.Decode(pemBytes)
-	if cert == nil {
-		log.Printf("Failed to parse server.crt")
-		return
-	}
-
-	// Load the private key
-	keyBytes, err := ioutil.ReadFile(filepath.Join(*datadir, "key"))
-	if err != nil {
-		log.Printf("Failed to read server.key.insecure: %s", err)
-		return
-	}
-
-	// Decode the private key
-	pkPEM, _ := pem.Decode(keyBytes)
-	if pkPEM == nil {
-		log.Printf("Failed to parse server.key.insecure: %s", err)
-		return
-	}
-
-	// Determine if we are an RSA private key
-	if pkPEM.Type != "RSA PRIVATE KEY" {
-		log.Printf("server.key.insecure is not an RSA private key. Found '%s'",
-			pkPEM.Type)
-		return
-	}
-
-	// Check if the PEM file has headers. This will typically
-	// mean that it requires a passphrase to decrypt it. For now,
-	// let us just assume that people will decrypt them for us, so
-	// we can use them without too much work.
-	if len(pkPEM.Headers) != 0 {
-		log.Printf("server.key.insecure has headers and is probably encrypted.")
-		return
-	}
-
-	// Parse the PKCS12 private key.
-	priv, err := x509.ParsePKCS1PrivateKey(pkPEM.Bytes)
-	if err != nil {
-		log.Printf("Invalid key in server.key.insecure: %s", err)
-		return
-	}
-
-	// Create a new TLS config.
-	config := new(tls.Config)
-	config.Rand = rand.Reader
-	config.Time = time.Seconds
-	config.Certificates = make([]tls.Certificate, 1)
-	config.Certificates[0].Certificate = [][]byte{cert.Bytes}
-	config.Certificates[0].PrivateKey = priv
-	config.AuthenticateClient = true
-
-	l, err := net.ListenTCP("tcp", &net.TCPAddr{
-		net.ParseIP("0.0.0.0"),
-		port,
-	})
-	if err != nil {
-		log.Printf("Cannot bind: %s\n", err)
-		return
-	}
-
-	rl = tls.NewListener(l, config)
-
-	return
-}