What is the proper way to handle TLSNextProto in golang net/http?
Question
Playing with golang's net/http package and SPDY. Something is really confusing me:

The *tls.Conn of TLSNextProto function can't be read at all. Any read attempt will get a "connection reset by peer" error.

Run the following program, and then access https://localhost:8080/ using Chrome with SPDY enabled.

Am I using the TLS connection object in a wrong way? Please help.
package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	server := &http.Server{
		Addr: ":8080",
		TLSConfig: &tls.Config{
			// Advertise SPDY/3 during TLS protocol negotiation.
			NextProtos: []string{"spdy/3"},
		},
		// Called with the raw TLS connection once "spdy/3" has been negotiated.
		TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
			"spdy/3": func(s *http.Server, conn *tls.Conn, h http.Handler) {
				buf := make([]byte, 1)
				// This read is where "connection reset by peer" shows up.
				if n, err := conn.Read(buf); err != nil {
					log.Panicf("%v|%v\n", n, err)
				}
			},
		},
	}
	err := server.ListenAndServeTLS("/path/to/host.cert", "/path/to/host.key")
	if err != nil {
		log.Fatal(err)
	}
}
Answer 1
Score: 2
OK. I got it. It is the certificate issue. If the certificate used by server.ListenAndServeTLS() is not signed by a CA trusted by the browser (Chrome), the connection will be reset. For creating your own CA and cert, follow http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
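To check the trust explanation above without a browser, the following added example (not code from the original post) runs the question's "spdy/3" handler twice: once against a client that trusts the server certificate and once against one that does not. It assumes Go's crypto/tls client in place of Chrome and httptest's built-in self-signed test certificate in place of the poster's files; probe is a hypothetical helper name. Go's client aborts during the handshake when verification fails, so in the untrusted run the handler is never invoked.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe serves a one-byte "spdy/3" TLSNextProto handler with httptest's test certificate;
// the client trusts it only if trustCert. Returns what the handler read and the client error.
func probe(trustCert bool) (string, error) {
	got := make(chan string, 1)
	ts := httptest.NewUnstartedServer(http.NotFoundHandler())
	ts.TLS = &tls.Config{NextProtos: []string{"spdy/3"}}
	ts.Config.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){
		"spdy/3": func(s *http.Server, conn *tls.Conn, h http.Handler) {
			buf := make([]byte, 1)
			n, _ := conn.Read(buf) // a failed read reports "" to the caller
			got <- string(buf[:n])
		},
	}
	ts.StartTLS()
	defer ts.Close()
	roots := x509.NewCertPool() // empty pool: no CA is trusted
	if trustCert {
		roots.AddCert(ts.Certificate())
	}
	conn, err := tls.Dial("tcp", ts.Listener.Addr().String(),
		&tls.Config{RootCAs: roots, NextProtos: []string{"spdy/3"}})
	if err != nil {
		return "", err // the client aborted the handshake during verification
	}
	defer conn.Close()
	conn.Write([]byte("x")) // constructed one-byte payload
	select {
	case b := <-got:
		return b, nil
	case <-time.After(2 * time.Second):
		return "", fmt.Errorf("handler read nothing")
	}
}

func main() {
	fmt.Println(probe(true))  // trusted client
	fmt.Println(probe(false)) // untrusted client
}
```

In the untrusted run the server also logs a TLS handshake error to stderr, which is the server-side signal to look for when a client rejects the certificate.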