tlsdemo

command

v1.1.2 Latest Latest Go to latest Published: Feb 6, 2016 License: Apache-2.0, Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.imxd.top/openshift/origin

README ¶

Libtrust TLS Config Demo

This program generates key pairs and trust files for a TLS client and server.

To generate the keys, run:

$ go run genkeys.go

The generated files are:

$ ls -l client_data/ server_data/
client_data/:
total 24
-rw-------  1 jlhawn  staff  281 Aug  8 16:21 private_key.json
-rw-r--r--  1 jlhawn  staff  225 Aug  8 16:21 public_key.json
-rw-r--r--  1 jlhawn  staff  275 Aug  8 16:21 trusted_hosts.json

server_data/:
total 24
-rw-r--r--  1 jlhawn  staff  348 Aug  8 16:21 trusted_clients.json
-rw-------  1 jlhawn  staff  281 Aug  8 16:21 private_key.json
-rw-r--r--  1 jlhawn  staff  225 Aug  8 16:21 public_key.json

The private key and public key for the client and server are stored in private_key.json and public_key.json, respectively, and in their respective directories. They are represented as JSON Web Keys: JSON objects which represent either an ECDSA or RSA private key. The host keys trusted by the client are stored in trusted_hosts.json and contain a mapping of an internet address, <HOSTNAME_OR_IP>:<PORT>, to a JSON Web Key which is a JSON object representing either an ECDSA or RSA public key of the trusted server. The client keys trusted by the server are stored in trusted_clients.json and contain an array of JSON objects which contain a comment field which can be used describe the key and a JSON Web Key which is a JSON object representing either an ECDSA or RSA public key of the trusted client.

To start the server, run:

$ go run server.go

This starts an HTTPS server which listens on localhost:8888. The server configures itself with a certificate which is valid for both localhost and 127.0.0.1 and uses the key from server_data/private_key.json. It accepts connections from clients which present a certificate for a key that it is configured to trust from the trusted_clients.json file and returns a simple 'hello' message.

To make a request using the client, run:

$ go run client.go

This command creates an HTTPS client which makes a GET request to https://localhost:8888. The client configures itself with a certificate using the key from client_data/private_key.json. It only connects to a server which presents a certificate signed by the key specified for the localhost:8888 address from client_data/trusted_hosts.json and made to be used for the localhost hostname. If the connection succeeds, it prints the response from the server.

The file gencert.go can be used to generate PEM encoded version of the client key and certificate. If you save them to key.pem and cert.pem respectively, you can use them with curl to test out the server (if it is still running).

curl --cert cert.pem --key key.pem -k https://localhost:8888

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL