3 * TLS and Connection Hell.
18 CACertPool *x509.CertPool = nil
22 func ServiceRequests() {
23 var sockConfig tls.Config
25 // resolve the bind address
26 bindAddressStr := GetStringOpt("bind address")
27 var bindAddr *net.IPAddr = nil
28 if (bindAddressStr != "") {
30 bindAddr, err = net.ResolveIPAddr("ip", bindAddressStr)
32 o.Warn("Ignoring bind address. Couldn't resolve \"%s\": %s", bindAddressStr, err)
37 // load the x509 certificate and key, then attach it to the tls config.
38 x509CertFilename := GetStringOpt("x509 certificate")
39 x509PrivateKeyFilename := GetStringOpt("x509 private key")
40 serverCert, err := tls.LoadX509KeyPair(x509CertFilename, x509PrivateKeyFilename)
41 o.MightFail(err, "Couldn't load certificates")
42 sockConfig.Certificates = append(sockConfig.Certificates, serverCert)
45 CACertPool = x509.NewCertPool()
46 caCertNames := GetCACertList()
47 if caCertNames != nil {
48 for _, filename := range caCertNames {
49 fh, err := os.Open(filename)
51 o.Warn("Whilst parsing CA certs, couldn't open %s: %s", filename, err)
56 o.MightFail(err, "Couldn't stat CA certificate file: %s", filename)
57 data := make([]byte, fi.Size)
59 CACertPool.AppendCertsFromPEM(data)
62 sockConfig.RootCAs = CACertPool
64 // determine the server hostname.
65 servername := GetStringOpt("server name")
67 o.Info("Using %s as the server name", servername)
68 sockConfig.ServerName = servername
71 o.Warn("Probing for fqdn for bind address as none was provided.")
72 hostnames, err := net.LookupAddr(bindAddr.String())
73 o.MightFail(err, "Failed to get full hostname for bind address")
74 sockConfig.ServerName = hostnames[0]
76 o.Warn("Probing for fqdn as no server name was provided")
77 sockConfig.ServerName = o.ProbeHostname()
81 // ask the client to authenticate
82 sockConfig.AuthenticateClient = true
84 /* convert the bindAddress to a string suitable for the Listen call */
86 if (bindAddr == nil) {
87 laddr = fmt.Sprintf(":%d", o.DefaultMasterPort)
89 laddr = fmt.Sprintf("%s:%d", bindAddr.String(), o.DefaultMasterPort)
91 o.Info("Binding to %s", laddr)
92 listener, err := tls.Listen("tcp", laddr, &sockConfig)
93 o.MightFail(err, "Couldn't bind TLS listener")
96 o.Warn("Waiting for Connection...")
97 c, err := listener.Accept()
98 o.MightFail(err, "Couldn't accept TLS connection")
99 o.Warn("Connection received from %s", c.RemoteAddr().String())