add Certificate Pinning support

rui.zheng 2017-08-05 17:15:29 +08:00
parent a28b03d9ee
commit 7220d7478a


@ -3,6 +3,7 @@ package main
import ( import (
"bufio" "bufio"
"crypto/tls" "crypto/tls"
"crypto/x509"
"encoding/json" "encoding/json"
"errors" "errors"
"flag" "flag"
@ -84,9 +85,14 @@ func initChain() (*gost.Chain, error) {
serverName = "localhost" // default server name serverName = "localhost" // default server name
} }
rootCAs, err := loadCA(node.Values.Get("ca"))
if err != nil {
return nil, err
}
tlsCfg := &tls.Config{ tlsCfg := &tls.Config{
ServerName: serverName, ServerName: serverName,
InsecureSkipVerify: !toBool(node.Values.Get("scure")), InsecureSkipVerify: !toBool(node.Values.Get("scure")),
RootCAs: rootCAs,
} }
var tr gost.Transporter var tr gost.Transporter
switch node.Transport { switch node.Transport {
@ -379,6 +385,21 @@ func tlsConfig(certFile, keyFile string) (*tls.Config, error) {
return &tls.Config{Certificates: []tls.Certificate{cert}}, nil return &tls.Config{Certificates: []tls.Certificate{cert}}, nil
} }
func loadCA(caFile string) (cp *x509.CertPool, err error) {
if caFile == "" {
return
}
cp = x509.NewCertPool()
data, err := ioutil.ReadFile(caFile)
if err != nil {
return nil, err
}
if !cp.AppendCertsFromPEM(data) {
return nil, errors.New("AppendCertsFromPEM failed")
}
return
}
func loadConfigureFile(configureFile string) error { func loadConfigureFile(configureFile string) error {
if configureFile == "" { if configureFile == "" {
return nil return nil
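Review bot: The new `RootCAs: rootCAs` field in the initChain hunk has no effect unless the node also sets `secure=true`, because `InsecureSkipVerify` is still `!toBool(node.Values.Get("scure"))` and Go only consults the pool when verification runs, so a node configured with `ca=` alone still connects with no certificate check. Consider turning verification on whenever a CA file was actually loaded, e.g. `InsecureSkipVerify: !toBool(node.Values.Get("scure")) && rootCAs == nil,`, or at minimum document that `ca` requires `secure`; initChain starts and ends outside the hunk. In the last hunk `loadCA` has no doc comment — suggest `// loadCA returns a CertPool with the PEM certificates from caFile, or a nil pool when caFile is empty (tls.Config then falls back to the default roots).`. The `ioutil.ReadFile` call there relies on an import that is not in the visible import hunk; presumably it is already imported elsewhere in the file.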