-
Notifications
You must be signed in to change notification settings - Fork 217
/
tls.go
50 lines (46 loc) · 1.04 KB
/
tls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package main
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"testing"
)
func testServerTLS(t *testing.T) *tls.Config {
cert, err := tls.LoadX509KeyPair("../testdata/server.crt", "../testdata/server.key")
if err != nil {
t.Fatal(err)
}
cp := x509.NewCertPool()
rootca, err := ioutil.ReadFile("../testdata/client.crt")
if err != nil {
t.Fatal(err)
}
if !cp.AppendCertsFromPEM(rootca) {
t.Fatal("client cert err")
}
return &tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ServerName: "Server",
ClientCAs: cp,
}
}
func testClientTLS(t *testing.T) *tls.Config {
cert, err := tls.LoadX509KeyPair("../testdata/client.crt", "../testdata/client.key")
if err != nil {
t.Fatal(err)
}
cp := x509.NewCertPool()
rootca, err := ioutil.ReadFile("../testdata/server.crt")
if err != nil {
t.Fatal(err)
}
if !cp.AppendCertsFromPEM(rootca) {
t.Fatal("server cert err")
}
return &tls.Config{
Certificates: []tls.Certificate{cert},
ServerName: "Server",
RootCAs: cp,
}
}