55 lines
1.1 KiB
Go
55 lines
1.1 KiB
Go
|
package main
|
||
|
|
|
||
|
|
import (
|
||
|
|
"fmt"
|
||
|
|
"net/http"
|
||
|
|
"crypto/tls"
|
||
|
|
"crypto/x509"
|
||
|
|
"os"
|
||
|
|
)
|
||
|
|
|
||
|
|
func main() {
|
||
|
|
mux := &http.ServeMux{}
|
||
|
|
mux.HandleFunc("/", handle_default)
|
||
|
|
|
||
|
|
serverCert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
|
||
|
|
if err != nil {
|
||
|
|
fmt.Println("cert load error:", err)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
rootRaw, err := os.ReadFile("certs/root.pem")
|
||
|
|
if err != nil {
|
||
|
|
fmt.Println("root cert read error:", err)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
pool := x509.NewCertPool()
|
||
|
|
if !pool.AppendCertsFromPEM(rootRaw) {
|
||
|
|
fmt.Println("add pem not ok")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
sv := &http.Server{
|
||
|
|
Addr: ":8080",
|
||
|
|
Handler: mux,
|
||
|
|
TLSConfig: &tls.Config{
|
||
|
|
MinVersion: tls.VersionTLS13,
|
||
|
|
PreferServerCipherSuites: true,
|
||
|
|
Certificates: []tls.Certificate{serverCert},
|
||
|
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
||
|
|
//ClientAuth: tls.RequireAnyClientCert,
|
||
|
|
ClientCAs: pool,
|
||
|
|
},
|
||
|
|
}
|
||
|
|
|
||
|
|
//sv.ListenAndServeTLS("certs/server.crt", "certs/server.key")
|
||
|
|
fmt.Println("starting...")
|
||
|
|
err = sv.ListenAndServeTLS("", "")
|
||
|
|
fmt.Println(err)
|
||
|
|
}
|
||
|
|
|
||
|
|
func handle_default(w http.ResponseWriter, req *http.Request) {
|
||
|
|
fmt.Fprintln(w, "hello.")
|
||
|
|
}
|