-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS certs support for mutual authentication #83
Conversation
Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #83 +/- ##
==========================================
+ Coverage 82.18% 83.81% +1.62%
==========================================
Files 18 18
Lines 1600 1637 +37
==========================================
+ Hits 1315 1372 +57
+ Misses 241 213 -28
- Partials 44 52 +8
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for this fantastic work 🎊 🚀
I left a few comments. Please take a look at them.
Also, you may consider adding some test cases on json_test.go
and main_test.go
Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>
Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>
done |
Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>
TODO: Readme update |
Everything looks clear @zhiburt 🚀 There are 2 things left before merging this branch:
|
Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>
Added
I don't have any manual steps :) To test it manually you would need to spawn a webserver with chosen certs and direct ddosify to the webserver. |
I've played a little bit and it works. (Took me a while...)
const https = require('https')
const fs = require('fs');
let server = https.createServer({
requestCert: true,
rejectUnauthorized: false,
key: fs.readFileSync('server_key.pem'),
cert: fs.readFileSync('server_cert.pem'),
ca: [ fs.readFileSync('server_cert.pem') ]
},
(req, res) => {
const cert = req.connection.getPeerCertificate()
if (cert != null && cert.subject != null) {
console.info(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`)
}
if (!req.client.authorized) {
res.writeHead(401);
return res.end('Invalid client certificate authentication.');
}
console.info("123213321");
res.writeHead(200);
res.end('Hello, world!');
});
server.listen(8098)
go run main.go -t https://127.0.0.1:8098
go run main.go -t https://127.0.0.1:8098 --cert_path=/alice_cert.pem --cert_key_path=/alice_key.pem |
Fascinating work @zhiburt 🎊 Thank you very much for your effort. I'll merge the PR this week. |
Hi there
Thanks for the
good first issue
labelLet me know if I did something wrong (which I could 😞).
closes #82