您可以在本节中看到完整的示例
file-server-go。
证书链应装入
x509.NewCertPool()
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")if err != nil { log.Fatalf("server: loadkeys: %s", err)}certpool := x509.NewCertPool()pem, err := ioutil.ReadFile("certs/ca.pem")if err != nil { log.Fatalf("Failed to read client certificate authority: %v", err)}if !certpool.AppendCertsFromPEM(pem) { log.Fatalf("Can't parse client certificate authority")}config := tls.Config{ Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: certpool,}config.Rand = rand.Readerservice := "0.0.0.0:8000"listener, err := tls.Listen("tcp", service, &config)就您而言,
ioutil.ReadFile("sf_bundle-g2-g1.crt")。我正在使用http.Server实例以更改ReadTimeout和WriteTimeout参数
server := &http.Server{ Addr: "0.0.0.0:8000", TLSConfig: tlsConfig, ReadTimeout: time.Duration // maximum duration before timing out read of the request, WriteTimeout: time.Duration // maximum duration before timing out write of the response}(
time.Duration以实际时间代替)
然后:
err := server.ListenAndServeTLS(certFile, keyFile string)log.Fatal(err)
注意
ListenAndServeTLS总是返回一个非nil错误。
