代码拉取完成,页面将自动刷新
// Package gtls provides grpc secure connectivity, supporting both server-only authentication and client-server authentication.
package gtls
import (
"crypto/tls"
"crypto/x509"
"errors"
"os"
"google.golang.org/grpc/credentials"
)
// GetServerTLSCredentialsByCA two-way authentication via CA-issued root certificate
func GetServerTLSCredentialsByCA(caFile string, certFile string, keyFile string) (credentials.TransportCredentials, error) {
//read and parse the information from the certificate file to obtain the certificate public key, key pair
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
// create an empty CertPool
certPool := x509.NewCertPool()
ca, err := os.ReadFile(caFile)
if err != nil {
return nil, err
}
//attempts to parse the incoming PEM-encoded certificate. If the parsing is successful it will be added to the CertPool for later use
if ok := certPool.AppendCertsFromPEM(ca); !ok {
return nil, errors.New("certPool.AppendCertsFromPEM err")
}
//building TLS-based TransportCredentials options
c := credentials.NewTLS(&tls.Config{
Certificates: []tls.Certificate{cert}, // set up a certificate chain that allows the inclusion of one or more
ClientAuth: tls.RequireAndVerifyClientCert, // requirement to verify the client's certificate
ClientCAs: certPool, // set the set of root certificates and use the mode set in ClientAuth for verification
})
return c, err
}
// GetServerTLSCredentials server-side authentication
func GetServerTLSCredentials(certFile string, keyFile string) (credentials.TransportCredentials, error) {
c, err := credentials.NewServerTLSFromFile(certFile, keyFile)
if err != nil {
return nil, err
}
return c, err
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。