proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server #36135

Closed
mvasi90 opened this issue Dec 13, 2019 · 1 comment
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

mvasi90 commented Dec 13, 2019

Hello,

Please add a function to dynamically load more than one certificate for a multi-domain server.

```go
tlsConfig := &tls.Config{
	PreferServerCipherSuites: true,
	MinVersion:               tls.VersionTLS13,
	ClientCAs:                caCertPool,
	GetClientCertificates:    certR.GetCertificatesFunc(), // more than one
	//ClientAuth: tls.RequireAndVerifyClientCert,
}

func (cr *certReloader) GetCertificatesFunc() func(*tls.ClientHelloInfo) ([]*tls.Certificate, error) {
	return func(chi *tls.ClientHelloInfo) ([]*tls.Certificate, error) {
		cr.m.RLock()
		defer cr.m.RUnlock()
		return cr.certs, nil
	}
}
```

@gopherbot gopherbot added this to the Proposal milestone Dec 13, 2019
@odeke-em odeke-em changed the title from "Proposal: Add tls.Config.GetClientCertificate ... ([]*Certificate, error)" to "proposal: crypto/tls: add function to dynamically load more than one certificate for a multi-domain server" Dec 14, 2019
@odeke-em odeke-em added the Proposal-Crypto Proposal related to crypto packages or other security issues label Dec 14, 2019

FiloSottile (Contributor) commented

You can use Config.GetConfigForClient, and set the Certificates field in the returned Config.

@golang golang locked and limited conversation to collaborators Feb 4, 2021
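
The approach suggested in the reply above, written out as an added example (not code from the issue or from the Go project). `certStore`, `Set`, `ServerConfig` and `selfSigned` are hypothetical names, and the self-signed certificates are constructed sample data. The hook clones the base config so that `MinVersion`, `ClientCAs` and `ClientAuth` carry over to every per-connection config instead of being silently dropped.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"sync/atomic"
	"time"
)

// certStore (hypothetical type) holds the served set; cur is a []tls.Certificate.
type certStore struct{ cur atomic.Value }

// Set swaps the set, e.g. after a renewal; handshakes started later see it.
func (s *certStore) Set(certs ...tls.Certificate) { s.cur.Store(certs) }

// ServerConfig adds a GetConfigForClient hook to a copy of base. Each handshake
// gets a clone of base (same MinVersion, ClientCAs, ClientAuth) plus current certs.
func (s *certStore) ServerConfig(base *tls.Config) *tls.Config {
	srv := base.Clone()
	srv.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
		cfg := base.Clone()
		cfg.Certificates, _ = s.cur.Load().([]tls.Certificate)
		return cfg, nil
	}
	return srv
}

// selfSigned makes a throwaway certificate for host (constructed sample data).
func selfSigned(host string) (tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

func main() {
	a, _ := selfSigned("a.example")
	b, _ := selfSigned("b.example")
	store := &certStore{}
	store.Set(a, b)
	cfg, _ := store.ServerConfig(&tls.Config{MinVersion: tls.VersionTLS13}).GetConfigForClient(nil)
	println(len(cfg.Certificates), cfg.MinVersion == tls.VersionTLS13)
}
```

crypto/tls selects the first certificate in `Certificates` that is compatible with the ClientHello, so one returned Config can serve several domains.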