Comments (8)
Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?
from goji.
If you can also show the code making the request to the Goji server it will
help as well.
On Mon, Feb 8, 2016 at 2:17 PM Carl Jackson wrote:
> Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?
from goji.
> Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?
Yes, it works.
https-hello.go:
package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"
	"net/http"
)

// HelloServer logs every client certificate presented on the connection.
func HelloServer(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("This is an example server.\n"))
	// req.TLS is nil when net/http did not see a TLS connection.
	if req.TLS != nil {
		for _, crt := range req.TLS.PeerCertificates {
			log.Println("Crt:", crt)
		}
	}
}

func main() {
	log.SetFlags(log.Lshortfile)
	// Load the CA chain used to verify client certificates.
	cachain_b, err := ioutil.ReadFile("cachain.pem")
	if err != nil {
		log.Printf("Can't read cachain file: %v", err)
		return
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(cachain_b)
	// Require a client certificate that chains to the pool above.
	tlsConfig := tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
	}
	server := &http.Server{
		Addr:      ":22443",
		TLSConfig: &tlsConfig,
	}
	http.HandleFunc("/hello", HelloServer)
	err = server.ListenAndServeTLS("cert.pem", "key.pem")
	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}
> If you can also show the code making the request to the Goji server it will help as well.
curl --cert user.cer -k "https://localhost:8000"
from goji.
Yeah—that would be helpful. Thanks!
from goji.
Sorry, that comment didn't make any sense—I thought you were saying some of what Matt was saying.
In your net/http example, I noticed you're using ListenAndServeTLS. That function actually does quite a bit of setup behind the scenes for you, for instance setting up NextProtos, etc. Could you try making the Goji and net/http examples more similar? I suspect the bug is somewhere in the difference between what ListenAndServeTLS does and what you are doing to initialize Goji.
from goji.
> Could you try making the Goji and net/http examples more similar?
I modified server.go to be like the net/http example:
package main

import (
	"flag"
	"net/http"
	"github.com/golang/glog"
	"github.com/gorilla/context"
	"./controllers"
	"./system"
	"github.com/zenazn/goji"
	"github.com/zenazn/goji/graceful"
	"github.com/zenazn/goji/web"
	"io/ioutil"
	"crypto/x509"
	"crypto/tls"
	"crypto/rand"
)

func main() {
	filename := flag.String("config", "config.toml", "Path to configuration file")
	flag.Parse()
	defer glog.Flush()

	var application = &system.Application{}
	application.Init(filename)
	application.LoadTemplates()

	// Setup static files
	static := web.New()
	publicPath := application.Config.Get("general.public_path").(string)
	static.Get("/assets/*", http.StripPrefix("/assets/", http.FileServer(http.Dir(publicPath))))
	http.Handle("/assets/", static)

	// Apply middleware
	goji.Use(application.ApplyTemplates)
	goji.Use(application.ApplySessions)
	goji.Use(application.ApplyDbMap)
	goji.Use(application.ApplyAuth)
	goji.Use(application.ApplyIsXhr)
	goji.Use(application.ApplyCsrfProtection)
	goji.Use(context.ClearHandler)

	controller := &controllers.MainController{}

	// Couple of files - in the real world you would use nginx to serve them.
	goji.Get("/robots.txt", http.FileServer(http.Dir(publicPath)))
	goji.Get("/favicon.ico", http.FileServer(http.Dir(publicPath+"/images")))

	// Home page
	goji.Get("/", application.Route(controller, "Index"))

	// Sign In routes
	goji.Get("/signin", application.Route(controller, "SignIn"))
	goji.Post("/signin", application.Route(controller, "SignInPost"))

	// Sign Up routes
	goji.Get("/signup", application.Route(controller, "SignUp"))
	goji.Post("/signup", application.Route(controller, "SignUpPost"))

	// KTHXBYE
	goji.Get("/logout", application.Route(controller, "Logout"))

	graceful.PostHook(func() {
		application.Close()
	})

	// Make TLS config
	cachain_b, err := ioutil.ReadFile(application.Config.Get("certs.cachain").(string))
	if err != nil {
		glog.Errorf("Can't read cachain file: %v", err)
		return
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(cachain_b)
	config := tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
	}
	config.Rand = rand.Reader

	// Same TLS setup as the net/http example, but served through graceful.Server.
	server := &graceful.Server{
		Addr:      ":22443",
		TLSConfig: &config,
	}
	goji.DefaultMux.Compile()
	http.Handle("/", goji.DefaultMux)
	err = server.ListenAndServeTLS(application.Config.Get("certs.cert").(string), application.Config.Get("certs.key").(string))
	if err != nil {
		glog.Fatal("ListenAndServe: ", err)
	}
}
It does not work either, but if I change
	server := &graceful.Server{
to
	server := &http.Server{
that is fine and I can see the client certificate!
from goji.
Ugh net/http is sniffing for *tls.Conn's directly: https://github.com/golang/go/blob/7ebf653fcc8510f260a1afbc3fb9e3de157dfe04/src/net/http/server.go#L1398
Unfortunately this means there's no way to use the graceful package with client certificates. Sorry about that!
from goji.
Clearly, many thanks for your help.
from goji.
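The behaviour described in the maintainer's last reply, as an added example that is not part of the thread or of Goji's code: net/http fills req.TLS only when the accepted connection is a *tls.Conn, so a listener that wraps it leaves req.TLS nil even though the handshake and client-certificate exchange still happen. wrapListener and HandlerTLS are hypothetical names, the key pair is the test certificate from net/http/httptest, and tls.RequireAnyClientCert is used only because that test certificate cannot be chain-verified as a client certificate.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// wrapListener (hypothetical) stands in for a listener-level connection wrapper.
type wrapListener struct{ net.Listener }

func (l wrapListener) Accept() (net.Conn, error) {
	c, err := l.Listener.Accept()
	return struct{ net.Conn }{c}, err // I/O still works, but it is not a *tls.Conn
}

// HandlerTLS serves one request and returns the req.TLS value the handler saw.
func HandlerTLS(wrap bool) (*tls.ConnectionState, error) {
	ts := httptest.NewTLSServer(nil) // constructed: its test key pair is server and client cert
	defer ts.Close()
	seen := make(chan *tls.ConnectionState, 1)
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- r.TLS
	})}
	defer srv.Close()
	cfg := &tls.Config{Certificates: ts.TLS.Certificates, ClientAuth: tls.RequireAnyClientCert}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	if wrap {
		ln = wrapListener{ln}
	}
	go srv.Serve(ln)
	ts.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = ts.TLS.Certificates
	resp, err := ts.Client().Get("https://" + ln.Addr().String())
	if err != nil {
		return nil, err
	}
	resp.Body.Close()
	return <-seen, nil
}

func main() {
	direct, _ := HandlerTLS(false)
	wrapped, _ := HandlerTLS(true)
	fmt.Println("direct req.TLS set:", direct != nil, "| wrapped req.TLS set:", wrapped != nil)
}
```

A handler that guards its certificate checks with `if req.TLS != nil` skips them silently in the wrapped case, so authorization code that depends on client certificates should reject requests whose req.TLS is nil.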