package main
import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net/http"
	"time"

	"mtls/pkg/castore"
)
// certPool is the CA pool used to verify the certificates that clients
// present during the TLS handshake. It stays nil until main populates it.
var certPool *x509.CertPool
// File locations and listen address for the mTLS server. The paths are
// relative to the process working directory.
const (
	// SERVER_CRT_FILE is the PEM-encoded server certificate (chain).
	SERVER_CRT_FILE = "pki/server.crt"
	// SERVER_KEY_FILE is the PEM-encoded private key matching SERVER_CRT_FILE.
	SERVER_KEY_FILE = "pki/server.key"
	// SERVER_ADDRESS is the TCP address the HTTPS listener binds to.
	SERVER_ADDRESS = ":8080"
)
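// main starts an HTTPS listener on SERVER_ADDRESS that requires and
// verifies a client certificate against the CA store on every connection
// (mutual TLS), and serves /hello through Hello_handler. Any setup or
// serve error is fatal.
func main() {
	log.Default().SetFlags(log.Lshortfile)

	// One CA pool serves as the trust anchor for client certificates.
	certPool = castore.NewCAstore()

	mux := http.NewServeMux()
	mux.HandleFunc("/hello", Hello_handler)

	serverKeypair, err := tls.LoadX509KeyPair(SERVER_CRT_FILE, SERVER_KEY_FILE)
	if err != nil {
		log.Fatal(err)
	}

	server := http.Server{
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS13,
			// RootCAs is consulted only when this Config is used on the
			// client side; ClientCAs is the pool that verifies peer
			// certificates for this server.
			RootCAs:      certPool,
			ClientCAs:    certPool,
			Certificates: []tls.Certificate{serverKeypair},
			// Refuse any connection whose client certificate does not chain
			// to ClientCAs, so handlers always see a verified peer chain.
			ClientAuth: tls.RequireAndVerifyClientCert,
		},
		Addr:    SERVER_ADDRESS,
		Handler: mux,
		// Bound how long a single connection can hold a server worker while
		// sending headers, sending a body, or sitting idle. Without these a
		// slow or stalled client can pin connections indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}

	// Empty cert/key paths: the keypair is already in TLSConfig.Certificates.
	err = server.ListenAndServeTLS("", "")
	if err != nil {
		log.Fatal(err)
	}
}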
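// Hello_handler logs the CommonName of every certificate the client
// presented during the TLS handshake and responds with a fixed greeting.
// Requests that did not arrive over TLS are refused with 403 instead of
// dereferencing a nil r.TLS.
func Hello_handler(w http.ResponseWriter, r *http.Request) {
	// r.TLS is nil for a request served over a plain listener (or built by
	// a test); guard so the handler cannot panic on it.
	if r.TLS == nil {
		http.Error(w, "TLS client certificate required", http.StatusForbidden)
		return
	}
	for _, cert := range r.TLS.PeerCertificates {
		// %q escapes control characters, so a CommonName containing a
		// newline cannot forge an extra log line.
		log.Printf("Peer certificate CommonName: %q", cert.Subject.CommonName)
	}
	if _, err := w.Write([]byte("Hello world\n")); err != nil {
		log.Printf("writing /hello response: %v", err)
	}
}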