proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

mvasi90 · 2019-12-13T22:16:05Z

Hello,

Please add a function to load dynamically more than one certificate for multi domain server.

tlsConfig := &tls.Config{
	PreferServerCipherSuites: true,
	MinVersion:               tls.VersionTLS13,
	ClientCAs:                caCertPool,
	GetClientCertificates:     certR.GetCertificatesFunc(), // more than one
	//ClientAuth: tls.RequireAndVerifyClientCert,
}


func (cr *certReloader) GetCertificatesFunc() func(*tls.ClientHelloInfo) ([]*tls.Certificate, error) {
	return func(chi *tls.ClientHelloInfo) ([]*tls.Certificate, error) {
		cr.m.RLock()
		defer cr.m.RUnlock()
		return cr.certs, nil
	}
}

gopherbot added this to the Proposal milestone Dec 13, 2019

gopherbot added the Proposal label Dec 13, 2019

odeke-em changed the title ~~Proposal: Add tls.Config.GetClientCertificate ... ([]*Certificate, error)~~ proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server Dec 14, 2019

odeke-em added the Proposal-Crypto label Dec 14, 2019

golang / go

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

mvasi90 commented Dec 13, 2019 •

edited

golang / go

Join GitHub today

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

Comments

mvasi90 commented Dec 13, 2019 • edited

mvasi90 commented Dec 13, 2019 •

edited