Documentation
Overview
Package mustcert generates certificates for TLS testing.
Example
This example uses mustcert to create certificates, start a TLS server, and build a client that talks to it.
	ca := CA("root", nil)
	serverCert := Leaf("localhost", ca)
	clientCert := Leaf("client", ca)

	// Create the TLS Test Server
	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := w.Write([]byte("hello, world!")); err != nil {
			fmt.Println(err)
		}
	}))
	rootCAs := Pool(ca.TLS())
	server.TLS = &tls.Config{
		// Mutual TLS: the client must present a certificate that chains to ClientCAs.
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{*serverCert.TLS()},
		RootCAs:      rootCAs,
		ClientCAs:    rootCAs,
	}
	server.StartTLS()
	defer server.Close()

	// Create the Client configuration
	cert, err := tls.X509KeyPair([]byte(clientCert.CertPEM()), []byte(clientCert.KeyPEM()))
	if err != nil {
		fmt.Println(err)
		return
	}
	caCertPool := Pool(ca.TLS())
	config := &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      caCertPool,
		// InsecureSkipVerify turns off the client's check of the server's
		// certificate chain and host name, so RootCAs is not consulted here.
		// Acceptable only against a test server.
		InsecureSkipVerify: true,
	}
	// Deprecated in crypto/tls: the library selects a compatible certificate itself.
	config.BuildNameToCertificate()

	// Create the HTTP Client
	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: config,
		},
	}

	// Make a client request to the HTTP Server
	resp, err := client.Get(server.URL)
	if err != nil {
		// resp is nil on error, so stop before touching resp.Body.
		fmt.Println(err)
		return
	}
	defer resp.Body.Close()
	bodyBytes, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	bodyString := string(bodyBytes)
	fmt.Println(bodyString)
Output: hello, world!
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Cert
type Cert tls.Certificate
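Cert is a defined type based on tls.Certificate with extra helper methods. The declaration has no `=`, so it is not a Go type alias; call TLS(), as the example does, where a *tls.Certificate is needed.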
func CA
CA generates a new certificate that can sign leaf & intermediary certificates. The certificate is self-signed if parent is nil.
func Leaf
func Leaf(commonName string, parent *Cert, opts ...func(*x509.Certificate)) *Cert
Leaf generates a new leaf certificate. The certificate is self-signed if parent is nil. If opts are provided, they are invoked on the certificate before it's signed.
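The opts hook receives the x509.Certificate template before signing, which is where subject alternative names can be set so that a client can verify the server name instead of setting InsecureSkipVerify. The following is an added example, not mustcert's code: selfSigned is a hypothetical standard-library stand-in for Leaf with a nil parent (the self-signed case only), and localhostSANs and verifies are assumed helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned: hypothetical stand-in for Leaf(cn, nil, opts...); opts run before signing.
func selfSigned(cn string, opts ...func(*x509.Certificate)) *x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	for _, opt := range opts {
		opt(tmpl)
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// localhostSANs is an opts callback adding the names a local test client dials.
func localhostSANs(c *x509.Certificate) {
	c.DNSNames = []string{"localhost"}
	c.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")}
}

// verifies reports whether a client that trusts cert accepts it for host.
func verifies(cert *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

func main() {
	fmt.Println(verifies(selfSigned("localhost", localhostSANs), "127.0.0.1"))
}
```

Go's verifier matches host names against SANs only and ignores the common name, so the certificate built without the callback fails for every host even though it is in the trusted pool.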