crypto/tls: support dynamic NameToCertificate mapping in addition to static map for dynamic SNI certificate generation #7596

Closed
gopherbot opened this issue Mar 20, 2014 · 6 comments

@gopherbot gopherbot commented Mar 20, 2014

by ox.to.a.cart:

tls.Config includes a NameToCertificate map that allows tls servers to specify
certificates to use for specific SNI names.  I am building an HTTP proxy that
man-in-the-middle's connections, and it needs to be able to dynamically generate
certificates for any SNI name that comes in.  Pregenerating the certificates is an
intractable problem since I would have to generate certificates for all known and even
possible server names in the world.

I've patched Go to allow the inclusion of an optional CertificateForName function on
tls.Config that, if present, provides a hook for the server to generate certificates on
the fly for a given SNI name.

The changeset in question is here:

https://code.google.com/r/oxtoacart-gomitm/source/detail?r=a696a331eda198996f567018c54d3551adf8d1de&name=release-branch.go1.2

I use it in gomitm, which is here:

https://github.com/oxtoacart/gomitm/blob/master/mitm.go
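
The per-name hook the post asks for, written as an added example (not code from this issue, the linked changeset, or gomitm). It uses `tls.Config.GetCertificate`, the callback of this kind in Go's standard library; the post itself calls its proposed hook `CertificateForName`. `mint`, `Issuer`, the throwaway CA, the time-based serial number and the name `a.example` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint issues a 24-hour P-256 certificate: a leaf for name signed by ca, or a self-signed CA when ca is nil.
func mint(name string, ca *tls.Certificate) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), DNSNames: []string{name},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if ca == nil { // self-signed CA: the template is its own parent and gets CA fields instead of leaf ones
		ca = &tls.Certificate{Leaf: t, PrivateKey: key}
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.DNSNames, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil, nil
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca.Leaf, &key.PublicKey, ca.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

type Issuer struct{ CA *tls.Certificate } // GetCertificate below has the tls.Config.GetCertificate signature
func (i Issuer) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if h.ServerName == "" {
		return nil, nil // no SNI: crypto/tls falls back to its static certificates
	}
	return mint(h.ServerName, i.CA) // the name is client-chosen: cache and bound this in real use
}

func main() {
	ca, err := mint("constructed test CA", nil)
	if err == nil {
		_, err = Issuer{ca}.GetCertificate(&tls.ClientHelloInfo{ServerName: "a.example"}) // constructed name
	}
	fmt.Println("issuing a leaf for a.example returned error:", err)
}
```

Every call generates a key and signs a new leaf for a name the client chose, so a real server would cache per name and cap the cache. Clients accept these leaves only if they trust the CA, so its private key needs the same protection as any other signing key.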

@ianlancetaylor ianlancetaylor commented May 9, 2014

Comment 1:

If you have a specific patch to propose, please follow the procedure described in
http://golang.org/doc/contribute.html.  Thanks.

Labels changed: added repo-main.

@rsc rsc commented May 21, 2014

Comment 2:

Labels changed: added release-none.

Status changed to Accepted.

@gopherbot gopherbot commented May 21, 2014

Comment 3 by ox@getlantern.org:

Happy to see this accepted!  There's a code review that's ready to go for this (pending
any recent changes in 1.3), I'm just waiting on 1.3 to be released before I resubmit.
https://golang.org/cl/81260045/

@stevvooe stevvooe commented Jul 22, 2014

Comment 4:

Go 1.3 is out. It would be great if you could resubmit your review!

@gopherbot gopherbot commented Aug 6, 2014

Comment 5 by ox@getlantern.org:

An enhancement for this has been submitted:
https://code.google.com/p/go/source/detail?r=957bd50e2b82

@agl agl commented Aug 6, 2014

Comment 6:

Status changed to Fixed.

@gopherbot gopherbot added fixed labels Aug 6, 2014
@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.