crypto/tls: support dynamic NameToCertificate mapping in addition to static map for dynamic SNI certificate generation #7596

gopherbot opened this issue Mar 20, 2014 · 6 comments


tls.Config includes a NameToCertificate map that allows tls servers to specify
certificates to use for specific SNI names.  I am building an HTTP proxy that
man-in-the-middle's connections, and it needs to be able to dynamically generate
certificates for any SNI name that comes in.  Pregenerating the certificates is an
intractable problem since I would have to generate certificates for all known and even
possible server names in the world.

I've patched Go to allow the inclusion of an optional CertificateForName function on
tls.Config that, if present, provides a hook for the server to generate certificates on
the fly for a given SNI name.

The changeset in question is here:;name=release-branch.go1.2

I use it in gomitm, which is here:

Comment 1:

If you have a specific patch to propose, please follow the procedure described in  Thanks.

Labels changed: added repo-main.

rsc commented May 21, 2014

Comment 2:

Labels changed: added release-none.

Status changed to Accepted.

Comment 3 by

Happy to see this accepted!  There's a code review that's ready to go for this (pending
any recent changes in 1.3), I'm just waiting on 1.3 to be released before I resubmit.

Comment 4:

Go 1.3 is out. It would be great if you could resubmit your review!

Comment 5 by

An enhancement for this has been submitted:

agl commented Aug 6, 2014

Comment 6:

Status changed to Fixed.

@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
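
An added example, not code from this issue or from the Go project: current `crypto/tls` exposes a per-handshake hook of the kind requested here as `tls.Config.GetCertificate`, and the code below wires it to a local CA that issues a certificate for each SNI name. `mint`, `PerSNI`, the CA name and the throwaway in-memory CA are assumptions; a TLS-inspecting proxy would load a CA that its managed clients already trust.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint (assumed helper) issues a self-signed CA when parent is nil, else a server leaf for name.
func mint(name string, parent *tls.Certificate) (*tls.Certificate, error) {
	if name == "" {
		return nil, nil // no SNI: a nil result makes crypto/tls fall back to its static certificates
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120)) // random serial per cert
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // CA case: allowed to sign certificates, and signs itself
		t.KeyUsage, parent = x509.KeyUsageCertSign, &tls.Certificate{Leaf: t, PrivateKey: key}
	} else { // leaf case: valid only as a TLS server certificate for this one DNS name
		t.DNSNames, t.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// PerSNI (assumed name) returns a callback with the tls.Config.GetCertificate signature.
func PerSNI(ca *tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(h *tls.ClientHelloInfo) (*tls.Certificate, error) { return mint(h.ServerName, ca) }
}

func main() {
	ca, err := mint("example local CA", nil) // throwaway CA, constructed for this example
	if err != nil {
		panic(err)
	}
	_ = &tls.Config{GetCertificate: PerSNI(ca)} // pass to tls.Listen or http.Server.TLSConfig
}
```

Every handshake here generates a new key and certificate; a deployment would cache the result per name and cap the cache size, since the client controls the SNI value.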