英文:
Golang https server passing certFile and kyeFile in terms of byte array
问题
func ListenAndServeTLS(addr string, certFile string, keyFile string, handler Handler) error
上面是我调用的用于在Golang中启动https服务器的函数。它没有任何问题地工作。然而,随着我有更多的部署,我不想把我的密钥文件放在各个地方。所以我在考虑让程序从一个集中的地方下载密钥文件和证书文件。如果有一个类似的函数接收[]byte而不是string,那对我来说就很容易实现了。但是在文档中似乎没有看到这样的函数。
英文:
func ListenAndServeTLS(addr string, certFile string, keyFile string, handler Handler) error
Above is the function that I call to start an https server in Golang. It works without any problem. However, as I have more deployments, I don't want to put my key files everywhere. So I am thinking to let the program download the key file and cert file from a centralized place. If there would be a similar function receiving []byte as opposed to string, it would be easy for me to do that. But it seems I don't see such function in the documentations.
答案1
得分: 5
看起来,在ListenAndServeTLS的源代码中(https://github.com/golang/go/blob/883bc6ed0ea815293fe6309d66f967ea60630e87/src/net/http/server.go#L1853-L1880),似乎没有选项,它总是调用tls.LoadX509KeyPair。
这很不幸;可能值得提交一个功能请求。
与此同时,ListenAndServeTLS方法并不大,并且(除了tcpKeepAliveListener之外)它没有使用任何非导出的内容,因此将该方法的主体复制到您自己的函数中并用tls.X509KeyPair替换Load509KeyPair应该很简单,tls.X509KeyPair接受PEM编码数据的[]byte而不是文件名。(或者可能使用tls.Certificate参数。)
例如,类似这样的代码:https://play.golang.org/p/ui_8dS8ouU
英文:
Looking at the source of ListenAndServeTLS it seems that there is no option, it always calls tls.LoadX509KeyPair.
That's unfortunate; possibly worth submitting a feature request.
In the meantime, the ListenAndServeTLS method is not large, and (other than tcpKeepAliveListener) it does not use anything non-exported so it'd simple to copy the body of that method to your own function and replace Load509KeyPair with tls.X509KeyPair, which does take []byte of PEM encoded data rather than filenames. (Or perhaps take a tls.Certificate argument instead.)
E.g. something like https://play.golang.org/p/ui_8dS8ouU
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论