Diffstat (limited to 'cert.go')
-rw-r--r--cert.go46
1 files changed, 46 insertions, 0 deletions
diff --git a/cert.go b/cert.go
new file mode 100644
index 0000000..38c534d
--- /dev/null
+++ b/cert.go
@@ -0,0 +1,46 @@
+package goxy
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "net/http"
+)
+
+// Certs holds certificates
+type Certs map[string]*tls.Certificate
+
+// GetCertificate returns certificate for SNI negotiation
+func (c Certs) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ if v, ok := c[h.ServerName]; ok {
+ return v, nil
+ }
+ return nil, fmt.Errorf("no cert for %q", h.ServerName)
+}
+
+func (c Certs) addCertificate(cert, key []byte) error {
+ crt, err := tls.X509KeyPair(cert, key)
+ if err != nil {
+ return err
+ }
+ crt.Leaf, err = x509.ParseCertificate(crt.Certificate[0])
+ if err != nil {
+ return err
+ }
+ if cn := crt.Leaf.Subject.CommonName; cn != "" {
+ c[cn] = &crt
+ }
+ for _, name := range crt.Leaf.DNSNames {
+ c[name] = &crt
+ }
+ for _, ip := range crt.Leaf.IPAddresses {
+ c[ip.String()] = &crt
+ }
+ return nil
+}
+
+func (c Certs) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
+ for k, v := range c {
+ fmt.Fprintf(w, "%v: valid untill %v\n", k, v.Leaf.NotAfter)
+ }
+}
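Review bot: getCertificate does an exact, case-sensitive map lookup on h.ServerName, so a client whose SNI differs in case from the certificate's DNSNames or CommonName, or a name covered only by a wildcard entry such as `*.example.com`, gets the "no cert" error and the handshake fails; lowercasing on both sides (in addCertificate when inserting, and on lookup as `if v, ok := c[strings.ToLower(h.ServerName)]; ok {`, which needs a `strings` import) fixes the case mismatch, and wildcard keys need either an explicit fallback to the parent label or a comment stating they are not matched. The doc comment on the getCertificate method names `GetCertificate` while the method is unexported; it should read `// getCertificate returns the certificate registered for the client's SNI name, or an error when none is registered.` ServeHTTP writes every registered hostname and its expiry to any caller, in random map order, and the user-facing string misspells "until"; the handler should only be mounted on an authenticated or internal endpoint, and the line corrected to `fmt.Fprintf(w, "%v: valid until %v\n", k, v.Leaf.NotAfter)`. The entries keyed by ip.String() are presumably never reachable through getCertificate, since TLS clients generally do not send IP literals in server_name, so they only appear in the listing.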