ssl - 如何在 GO 中创建带有 ca 证书的 tls 客户端？

Question

我想使用 net/http 创建一个 tls 客户端在 GO 中如何根据 ca 证书创建它？

Answer 1

package main

import (
    "crypto/tls"
    "crypto/x509"
    "flag"
    "io/ioutil"
    "log"
    "net/http"
)

var (
    certFile = flag.String("cert", "someCertFile", "A PEM eoncoded certificate file.")
    keyFile  = flag.String("key", "someKeyFile", "A PEM encoded private key file.")
    caFile   = flag.String("CA", "someCertCAFile", "A PEM eoncoded CA's certificate file.")
)

func main() {
    flag.Parse()

    // Load client cert
    cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
    if err != nil {
        log.Fatal(err)
    }

    // Load CA cert
    caCert, err := ioutil.ReadFile(*caFile)
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)

    // Setup HTTPS client
    tlsConfig := &tls.Config{
        Certificates: []tls.Certificate{cert},
        RootCAs:      caCertPool,
    }
    tlsConfig.BuildNameToCertificate()
    transport := &http.Transport{TLSClientConfig: tlsConfig}
    client := &http.Client{Transport: transport}

    // Do GET something
    resp, err := client.Get("https://localdev.local:8443")
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()

    // Dump response
    data, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }
    log.Println(string(data))
}

主要是借用这个gist .这是一篇在 Go 中使用 TLS 的好文章:https://ericchiang.github.io/tls/go/https/2015/06/21/go-tls.html