crypto/tls: support dynamic NameToCertificate mapping in addition to static map for dynamic SNI certificate generation #7596

Closed
gopherbot opened this issue Mar 20, 2014 · 6 comments

Comments

@gopherbot

by ox.to.a.cart:

tls.Config includes a NameToCertificate map that allows tls servers to specify
certificates to use for specific SNI names.  I am building an HTTP proxy that
man-in-the-middle's connections, and it needs to be able to dynamically generate
certificates for any SNI name that comes in.  Pregenerating the certificates is an
intractable problem since I would have to generate certificates for all known and even
possible server names in the world.

I've patched Go to allow the inclusion of an optional CertificateForName function on
tls.Config that, if present, provides a hook for the server to generate certificates on
the fly for a given SNI name.

The changeset in question is here:

https://code.google.com/r/oxtoacart-gomitm/source/detail?r=a696a331eda198996f567018c54d3551adf8d1de&name=release-branch.go1.2

I use it in gomitm, which is here:

https://github.com/oxtoacart/gomitm/blob/master/mitm.go

@ianlancetaylor
Contributor

Comment 1:

If you have a specific patch to propose, please follow the procedure described in
http://golang.org/doc/contribute.html.  Thanks.

Labels changed: added repo-main.

@rsc
Contributor

rsc commented May 21, 2014

Comment 2:

Labels changed: added release-none.

Status changed to Accepted.

@gopherbot
Author

Comment 3 by ox@getlantern.org:

Happy to see this accepted!  There's a code review that's ready to go for this (pending
any recent changes in 1.3), I'm just waiting on 1.3 to be released before I resubmit.
https://golang.org/cl/81260045/

@stevvooe

Comment 4:

Go 1.3 is out. It would be great if you could resubmit your review!

@gopherbot
Author

Comment 5 by ox@getlantern.org:

An enhancement for this has been submitted:
https://code.google.com/p/go/source/detail?r=957bd50e2b82

@agl
Contributor

agl commented Aug 6, 2014

Comment 6:

Status changed to Fixed.

@golang golang locked and limited conversation to collaborators Jun 25, 2016
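
Added example, not code from this issue, the linked changesets or the Go project: a per-handshake certificate hook of the kind the opening post asks for, written against crypto/tls's `Config.GetCertificate` callback, which receives the ClientHello and returns the certificate to present. The helper names `mint` and `CertForSNI`, the throwaway in-memory CA and the name `app.example.test` are assumptions made for the illustration, and Ed25519 keys are used only to keep it short.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint certifies a fresh Ed25519 key per t (serial = 128 bits of that key); a nil parent means self-signed.
func mint(t *x509.Certificate, parent *tls.Certificate) (*tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t.SerialNumber, t.NotBefore, t.NotAfter = new(big.Int).SetBytes(pub[:16]), time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	issuer, signer := t, any(priv)
	if parent != nil {
		issuer, signer = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, t, issuer, pub, signer)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, err
}

// CertForSNI mints a one-day server certificate for the ClientHello's SNI name (hypothetical helper).
func CertForSNI(ca *tls.Certificate, h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if h.ServerName == "" {
		return nil, fmt.Errorf("ClientHello carries no SNI name")
	}
	return mint(&x509.Certificate{DNSNames: []string{h.ServerName}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca)
}

func main() {
	// Constructed throwaway CA; clients only accept its leaves if they explicitly trust it.
	ca, err := mint(&x509.Certificate{Subject: pkix.Name{CommonName: "constructed demo CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil)
	if err != nil {
		panic(err)
	}
	srv := &tls.Config{GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) { return CertForSNI(ca, h) }}
	c, err := srv.GetCertificate(&tls.ClientHelloInfo{ServerName: "app.example.test"})
	fmt.Println(err, c != nil && c.Leaf.DNSNames[0] == "app.example.test")
}
```

The SNI name is client-controlled, so a long-running server would cache minted certificates per name with a size bound instead of signing on every handshake.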