What is the proper way to handle TLSNextProto in golang net/http?

huangapple
go评论85阅读模式
英文:

What is the proper way to handle TLSNextProto in golang net/http?

问题

使用golang的net/http包和SPDY进行开发时,有一些令我困惑的地方:

TLSNextProto函数中,无法读取*tls.Conn对象。任何读取尝试都会得到一个"connection reset by peer"的错误。

运行以下程序,并使用启用了SPDY的Chrome访问https://localhost:8080/

我是否以错误的方式使用了TLS连接对象?请帮助我。

package main

import (
    "crypto/tls"
    "log"
    "net/http"
)

func main() {
    server := &http.Server{
        Addr: ":8080",
        TLSConfig: &tls.Config{
            NextProtos: []string{"spdy/3"},
        },
        TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
            "spdy/3": func(s *http.Server, conn *tls.Conn, h http.Handler) {
                buf := make([]byte, 1)
                if n, err := conn.Read(buf); err != nil {
                    log.Panicf("%v|%v\n", n, err)
                }
            },
        },
    }

    err := server.ListenAndServeTLS("/path/to/host.cert", "/path/to/host.key")
    if err != nil {
        log.Fatal(err)
    }
}
英文:

Playing with golang's net/http package and SPDY. Something is really confusing me:

The *tls.Conn of TLSNextProto function can't be read at all. Any read attempt will get a "connection reset by peer" error.

Run the following program, and then access https://localhost:8080/ using Chrome with SPDY enabled.

Am I using the TLS connection object in a wrong way? Please help.

package main

import (
    "crypto/tls"
    "log"
    "net/http"
)

func main() {
    server := &http.Server{
        Addr: ":8080",
        TLSConfig: &tls.Config{
            NextProtos: []string{"spdy/3"},
        },
        TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
            "spdy/3": func(s *http.Server, conn *tls.Conn, h http.Handler) {
                buf := make([]byte, 1)
                if n, err := conn.Read(buf); err != nil {
                    log.Panicf("%v|%v\n", n, err)
                }
            },
        },
    }

    err := server.ListenAndServeTLS("/path/to/host.cert", "/path/to/host.key")
    if err != nil {
        log.Fatal(err)
    }
}

答案1

得分: 2

好的,我明白了。这是证书问题。如果由server.ListenAndServeTLS()使用的证书未经浏览器(Chrome)信任的CA签名,连接将被重置。要创建自己的CA和证书,请参考http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/。

英文:

OK. I got it. It is the certificate issue. If the certificate used by server.ListenAndServeTLS() is not signed by a CA trusted by the browser(Chrome), connection will be reset. For creating you own CA and cert, following http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

huangapple
  • 本文由 发表于 2013年9月23日 14:44:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/18953186.html
  • go
  • http
  • https
  • ssl
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定