Comments (8)

zenazn commented on May 27, 2024

Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?

from goji.

elithrar commented on May 27, 2024

If you can also show the code making the request to the Goji server it will help as well.

On Mon, Feb 8, 2016 at 2:17 PM Carl Jackson [email protected] wrote:

> Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?


from goji.

maxim0r commented on May 27, 2024

> Goji doesn't manage the request object or TLS at all—can you reproduce this with vanilla net/http?

Yes, it works.
https-hello.go:

```go
package main

import (
    "crypto/tls"
    "crypto/x509"
    "io/ioutil"
    "log"
    "net/http"
)

// HelloServer replies with a fixed body and logs any client certificates
// presented on the TLS connection.
func HelloServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.\n"))
    // req.TLS is nil when net/http does not treat the connection as TLS.
    if req.TLS != nil {
        for _, crt := range req.TLS.PeerCertificates {
            log.Println("Crt:", crt)
        }
    }
}

func main() {
    log.SetFlags(log.Lshortfile)

    // Load the CA chain used to verify client certificates.
    cachain_b, err := ioutil.ReadFile("cachain.pem")
    if err != nil {
        log.Printf("Can't read cachain file: %v", err)
        return
    }
    pool := x509.NewCertPool()
    pool.AppendCertsFromPEM(cachain_b)

    // Require a client certificate that chains to the CA pool.
    tlsConfig := tls.Config{
        ClientAuth: tls.RequireAndVerifyClientCert,
        ClientCAs:  pool,
    }

    server := &http.Server{
        Addr:      ":22443",
        TLSConfig: &tlsConfig,
    }

    http.HandleFunc("/hello", HelloServer)
    err = server.ListenAndServeTLS("cert.pem", "key.pem")
    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }
}
```

> If you can also show the code making the request to the Goji server it will help as well.

```sh
curl --cert user.cer -k "https://localhost:8000"
```

from goji.

zenazn commented on May 27, 2024

Yeah—that would be helpful. Thanks!

from goji.

zenazn commented on May 27, 2024

Sorry, that comment didn't make any sense—I thought you were saying some of what Matt was saying.

In your net/http example, I noticed you're using ListenAndServeTLS. That function actually does quite a bit of setup behind the scenes for you, for instance setting up NextProtos, etc. Could you try making the Goji and net/http examples more similar? I suspect the bug is somewhere in the difference between what ListenAndServeTLS does and what you are doing to initialize Goji.

from goji.

maxim0r commented on May 27, 2024

> Could you try making the Goji and net/http examples more similar?

I modified server.go to be like the net/http example:

```go
package main

import (
    "flag"
    "net/http"
    "github.com/golang/glog"
    "github.com/gorilla/context"
    "./controllers"
    "./system"
    "github.com/zenazn/goji"
    "github.com/zenazn/goji/graceful"
    "github.com/zenazn/goji/web"
    "io/ioutil"
    "crypto/x509"
    "crypto/tls"
    "crypto/rand"
)

func main() {
    filename := flag.String("config", "config.toml", "Path to configuration file")

    flag.Parse()
    defer glog.Flush()

    var application = &system.Application{}

    application.Init(filename)
    application.LoadTemplates()

    // Setup static files
    static := web.New()
    publicPath := application.Config.Get("general.public_path").(string)
    static.Get("/assets/*", http.StripPrefix("/assets/", http.FileServer(http.Dir(publicPath))))

    http.Handle("/assets/", static)

    // Apply middleware
    goji.Use(application.ApplyTemplates)
    goji.Use(application.ApplySessions)
    goji.Use(application.ApplyDbMap)
    goji.Use(application.ApplyAuth)
    goji.Use(application.ApplyIsXhr)
    goji.Use(application.ApplyCsrfProtection)
    goji.Use(context.ClearHandler)

    controller := &controllers.MainController{}

    // Couple of files - in the real world you would use nginx to serve them.
    goji.Get("/robots.txt", http.FileServer(http.Dir(publicPath)))
    goji.Get("/favicon.ico", http.FileServer(http.Dir(publicPath+"/images")))

    // Home page
    goji.Get("/", application.Route(controller, "Index"))

    // Sign In routes
    goji.Get("/signin", application.Route(controller, "SignIn"))
    goji.Post("/signin", application.Route(controller, "SignInPost"))

    // Sign Up routes
    goji.Get("/signup", application.Route(controller, "SignUp"))
    goji.Post("/signup", application.Route(controller, "SignUpPost"))

    // KTHXBYE
    goji.Get("/logout", application.Route(controller, "Logout"))

    graceful.PostHook(func() {
        application.Close()
    })

    // Make TLS config
    cachain_b, err := ioutil.ReadFile(application.Config.Get("certs.cachain").(string))
    if err != nil {
        glog.Errorf("Can't read cachain file: %v", err)
        return
    }
    pool := x509.NewCertPool()
    pool.AppendCertsFromPEM(cachain_b)

    config := tls.Config{
        ClientAuth: tls.RequireAndVerifyClientCert,
        ClientCAs: pool,
    }
    config.Rand = rand.Reader

    server := &graceful.Server{
        Addr:      ":22443",
        TLSConfig: &config,
    }

    goji.DefaultMux.Compile()
    http.Handle("/", goji.DefaultMux)
    err = server.ListenAndServeTLS(application.Config.Get("certs.cert").(string), application.Config.Get("certs.key").(string))
    if err != nil {
        glog.Fatal("ListenAndServe: ", err)
    }
}
```

It also does not work, but if I change `server := &graceful.Server{` to `server := &http.Server{`, it is fine and I can see the client certificate!

from goji.

zenazn commented on May 27, 2024

Ugh, net/http is sniffing for *tls.Conn's directly: https://github.com/golang/go/blob/7ebf653fcc8510f260a1afbc3fb9e3de157dfe04/src/net/http/server.go#L1398

Unfortunately this means there's no way to use the graceful package with client certificates. Sorry about that!

from goji.
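
Added example (not from the thread or from the goji project): a minimal Go program showing the behavior described above, where net/http fills in req.TLS only when the accepted connection is a bare *tls.Conn. `wrapListener` is a hypothetical stand-in for a listener that wraps its connections, and the key pair is borrowed from net/http/httptest, so the server uses tls.RequireAnyClientCert instead of the thread's RequireAndVerifyClientCert.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// wrapListener hides each accepted *tls.Conn inside another type (hypothetical stand-in).
type wrapListener struct{ net.Listener }

func (l wrapListener) Accept() (net.Conn, error) {
	c, err := l.Listener.Accept()
	return struct{ net.Conn }{c}, err
}

// peerCerts sends one TLS request with a client cert; -1 means req.TLS was nil.
func peerCerts(wrap bool) int {
	ts := httptest.NewTLSServer(nil) // borrowed only for its built-in localhost test key pair
	defer ts.Close()
	cert := ts.TLS.Certificates[0]
	inner, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	// RequireAnyClientCert because the borrowed test cert is not a CA-issued client cert.
	var ln net.Listener = tls.NewListener(inner, &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert})
	if wrap {
		ln = wrapListener{ln}
	}
	seen := make(chan *tls.ConnectionState, 1)
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { seen <- r.TLS })}
	go srv.Serve(ln)
	defer srv.Close()
	client := ts.Client() // already trusts the borrowed certificate
	client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	resp, err := client.Get("https://" + inner.Addr().String())
	if err != nil {
		panic(err)
	}
	resp.Body.Close()
	if st := <-seen; st != nil {
		return len(st.PeerCertificates)
	}
	return -1
}

func main() { fmt.Println(peerCerts(false), peerCerts(true)) }
```

Both requests complete over TLS with a client certificate, but only the unwrapped listener exposes it to the handler. A handler that authorizes on req.TLS.PeerCertificates should treat a nil req.TLS as a failed authentication rather than skipping the check.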

maxim0r commented on May 27, 2024

Clearly, many thanks for your help.

from goji.
