Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

Closed
mvasi90 opened this issue Dec 13, 2019 · 1 comment
Closed

proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

mvasi90 opened this issue Dec 13, 2019 · 1 comment
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Milestone
Proposal

Comments

@mvasi90
Copy link

mvasi90 commented Dec 13, 2019
edited

Hello,

Please add a function to load dynamically more than one certificate for multi domain server.

tlsConfig := &tls.Config{
	PreferServerCipherSuites: true,
	MinVersion:               tls.VersionTLS13,
	ClientCAs:                caCertPool,
	GetClientCertificates:     certR.GetCertificatesFunc(), // more than one
	//ClientAuth: tls.RequireAndVerifyClientCert,
}


func (cr *certReloader) GetCertificatesFunc() func(*tls.ClientHelloInfo) ([]*tls.Certificate, error) {
	return func(chi *tls.ClientHelloInfo) ([]*tls.Certificate, error) {
		cr.m.RLock()
		defer cr.m.RUnlock()
		return cr.certs, nil
	}
}
@gopherbot gopherbot added this to the Proposal milestone Dec 13, 2019
@odeke-em odeke-em changed the title Proposal: Add tls.Config.GetClientCertificate ... ([]*Certificate, error) proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server Dec 14, 2019
@odeke-em odeke-em added the Proposal-Crypto Proposal related to crypto packages or other security issues label Dec 14, 2019
@FiloSottile
Copy link
Contributor

You can use Config.GetConfigForClient, and set the Certificates field in the returned Config.

@golang golang locked and limited conversation to collaborators Feb 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Projects
None yet
Milestone
Proposal
Development

No branches or pull requests
4 participants
@FiloSottile @odeke-em @gopherbot @mvasi90