diff options
| author | Russ Cox <rsc@golang.org> | 2010-04-05 14:38:02 -0700 |
|---|---|---|
| committer | Russ Cox <rsc@golang.org> | 2010-04-05 14:38:02 -0700 |
| commit | c1ca880a2324453086fc744619fd5e438d94e9a8 (patch) | |
| tree | 8232f32b3ba12d2a07a64caaf5614a3cb0d34d8a /src/pkg/crypto | |
| parent | e1b021aaf220611b99a25e40b618d0bddef46766 (diff) | |
| download | golang-c1ca880a2324453086fc744619fd5e438d94e9a8.tar.gz | |
crypto/tls: good defaults
R=agl1
CC=golang-dev
http://codereview.appspot.com/851041
Diffstat (limited to 'src/pkg/crypto')
| -rw-r--r-- | src/pkg/crypto/tls/common.go | 39 | ||||
| -rw-r--r-- | src/pkg/crypto/tls/tls.go | 23 |
2 files changed, 61 insertions, 1 deletions
diff --git a/src/pkg/crypto/tls/common.go b/src/pkg/crypto/tls/common.go index 8ef8b09d8..ef54a1db7 100644 --- a/src/pkg/crypto/tls/common.go +++ b/src/pkg/crypto/tls/common.go @@ -5,9 +5,13 @@ package tls import ( + "crypto/rand" "crypto/rsa" "io" + "io/ioutil" + "once" "os" + "time" ) const ( @@ -130,3 +134,38 @@ func (nop) Sum() []byte { return nil } func (nop) Reset() {} func (nop) Size() int { return 0 } + + +// The defaultConfig is used in place of a nil *Config in the TLS server and client. +var varDefaultConfig *Config + +func defaultConfig() *Config { + once.Do(initDefaultConfig) + return varDefaultConfig +} + +// Possible certificate files; stop after finding one. +// On OS X we should really be using the Directory Services keychain +// but that requires a lot of Mach goo to get at. Instead we use +// the same root set that curl uses. +var certFiles = []string{ + "/etc/ssl/certs/ca-certificates.crt", // Linux etc + "/usr/share/curl/curl-ca-bundle.crt", // OS X +} + +func initDefaultConfig() { + roots := NewCASet() + for _, file := range certFiles { + data, err := ioutil.ReadFile(file) + if err == nil { + roots.SetFromPEM(data) + break + } + } + + varDefaultConfig = &Config{ + Rand: rand.Reader, + Time: time.Seconds, + RootCAs: roots, + } +} diff --git a/src/pkg/crypto/tls/tls.go b/src/pkg/crypto/tls/tls.go index 7c76ddeb9..5fbf850da 100644 --- a/src/pkg/crypto/tls/tls.go +++ b/src/pkg/crypto/tls/tls.go @@ -125,6 +125,9 @@ type handshaker interface { // Server establishes a secure connection over the given connection and acts // as a TLS server. func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn { + if config == nil { + config = defaultConfig() + } tls := new(Conn) tls.Conn = conn @@ -167,7 +170,6 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) { if err != nil { return } - c = Server(c, l.config) return } @@ -179,8 +181,27 @@ func (l *Listener) Addr() net.Addr { return l.listener.Addr() } // NewListener creates a Listener which accepts connections from an inner // Listener and wraps each connection with Server. func NewListener(listener net.Listener, config *Config) (l *Listener) { + if config == nil { + config = defaultConfig() + } l = new(Listener) l.listener = listener l.config = config return } + +func Listen(network, laddr string) (net.Listener, os.Error) { + l, err := net.Listen(network, laddr) + if err != nil { + return nil, err + } + return NewListener(l, nil), nil +} + +func Dial(network, laddr, raddr string) (net.Conn, os.Error) { + c, err := net.Dial(network, laddr, raddr) + if err != nil { + return nil, err + } + return Client(c, nil), nil +} |