tls.Config includes a NameToCertificate map that allows TLS servers to specify
certificates to use for specific SNI names. I am building an HTTP proxy that
man-in-the-middles connections, and it needs to be able to dynamically generate
certificates for any SNI name that comes in. Pregenerating the certificates is an
intractable problem since I would have to generate certificates for all known and even
possible server names in the world.
I've patched Go to allow the inclusion of an optional CertificateForName function on
tls.Config that, if present, provides a hook for the server to generate certificates on
the fly for a given SNI name.
The changeset in question is here:
I use it in gomitm, which is here:
Happy to see this accepted! There's a code review that's ready to go for this (pending
any recent changes in 1.3); I'm just waiting on 1.3 to be released before I resubmit.
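The per-SNI hook discussed in this thread, as an added example (not code from the issue, its changeset, or gomitm). It uses the standard library's `tls.Config.GetCertificate` callback rather than the `CertificateForName` name proposed above; `issue`, `NewHook`, the throwaway CA and the name `app.example.test` are assumptions made for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with a fresh P-256 key under parent; a nil parent self-signs (the test CA).
func issue(tmpl *x509.Certificate, parent *tls.Certificate) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if parent == nil {
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// NewHook returns a throwaway test CA (constructed here) and a tls.Config.GetCertificate callback.
func NewHook() (*tls.Certificate, func(*tls.ClientHelloInfo) (*tls.Certificate, error), error) {
	ca, err := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "example test CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil)
	return ca, func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if h.ServerName == "" || ca == nil { // never fall through to self-signing a leaf
			return nil, fmt.Errorf("cannot issue: no SNI name in ClientHello or no CA")
		}
		return issue(&x509.Certificate{DNSNames: []string{h.ServerName}, KeyUsage: x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca)
	}, err
}

func main() {
	_, hook, _ := NewHook()
	c, err := hook(&tls.ClientHelloInfo{ServerName: "app.example.test"}) // constructed name
	fmt.Println(c != nil && c.Leaf.DNSNames[0] == "app.example.test", err)
}
```

Clients accept these leaves only when the test CA is in their trust store. Each handshake signs a new leaf here; a long-running proxy would keep issued certificates in a map keyed by SNI name behind a mutex.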