crypto/tls: support dynamic NameToCertificate mapping in addition to static map for dynamic SNI certificate generation #7596
tls.Config includes a NameToCertificate map that allows TLS servers to specify certificates to use for specific SNI names.

I am building an HTTP proxy that man-in-the-middle's connections, and it needs to be able to dynamically generate certificates for any SNI name that comes in. Pregenerating the certificates is an intractable problem since I would have to generate certificates for all known and even possible server names in the world.

I've patched Go to allow the inclusion of an optional CertificateForName function on tls.Config that, if present, provides a hook for the server to generate certificates on the fly for a given SNI name.

The changeset in question is here: https://code.google.com/r/oxtoacart-gomitm/source/detail?r=a696a331eda198996f567018c54d3551adf8d1de&name=release-branch.go1.2

I use it in gomitm, which is here: https://github.com/oxtoacart/gomitm/blob/master/mitm.go
Comment 5 by firstname.lastname@example.org:
An enhancement for this has been submitted: https://code.google.com/p/go/source/detail?r=957bd50e2b82
This issue was closed.