Package mocktls provides mock TLS functionality for testing purposes.
A basic TLS server can be run with the following command:
go run cmd/mockserver/main.go
By default, a private key and certificate chain will be generated in memory.
An existing private key and certificate chain can be provided via standard input, for example by pasting them into the program. Once the data has been pasted, close stdin with Control+D (Control+C on Windows because I was not sure what else to do). Please refer to https://pkg.go.dev/crypto/tls#LoadX509KeyPair for details about certificate chain structure. Here is an example:
go run cmd/mockserver/main.go -i
-----BEGIN CERTIFICATE-----
# PEM data.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
# PEM data.
-----END CERTIFICATE-----
-----BEGIN ECDSA PRIVATE KEY-----
# PEM data.
-----END ECDSA PRIVATE KEY-----
An existing private key and certificate chain can also be specified from disk. Please refer to https://pkg.go.dev/crypto/tls#LoadX509KeyPair for details about certificate chain file structure:
go run cmd/mockserver/main.go -k /path/to/key.pem -c /path/to/certchain.pem
For the purposes of this project, a "certificate chain" refers to a list of certificates. This term is commonly used by many TLS implementations. A single certificate is still considered a "chain" and can be used in place of one. The term is a bit of a misnomer because certificate signing is more complicated than A signs B which signs C. For more information, refer to Ryan Sleevi's blog post on the subject.
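The in-memory default and the pasted stdin bundle described above can be reproduced with the Go standard library. The following is an added example, not code from the mocktls project; makeBundle, loadBundle and the host name mock.example.test are assumptions. It generates a self-signed certificate and key, joins them into one PEM bundle in the same order as the stdin example, and loads that bundle with tls.X509KeyPair:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makeBundle builds a constructed sample: self-signed leaf, then its EC key, as one PEM bundle.
func makeBundle() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"mock.example.test"}, // hypothetical test name
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short-lived, test use only
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})...), nil
}

// loadBundle passes the same bytes twice: X509KeyPair picks out the blocks each argument needs.
func loadBundle(bundle []byte) (tls.Certificate, error) {
	return tls.X509KeyPair(bundle, bundle)
}

func main() {
	bundle, err := makeBundle()
	if err == nil {
		_, err = loadBundle(bundle)
	}
	fmt.Println("bundle loaded, error:", err)
}
```

tls.X509KeyPair also checks that the private key matches the public key of the first certificate, so a mismatched paste fails at load time rather than during a handshake.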