chriswhitcombe · June 25, 2015 20:33
diff --git a/gistfile1.go b/gistfile1.go
 package main

 import (
 	"crypto/tls"
 	"crypto/x509"
 	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
 )

 func HelloServer(w http.ResponseWriter, req *http.Request) {
 	io.WriteString(w, "hello, world!\n")
 }

 func main() {
 	http.HandleFunc("/hello", HelloServer)

 	caCert, err := ioutil.ReadFile("../secure-client/selfsigned.crt")
 	if err != nil {
 		log.Fatal(err)
 	}
 	caCertPool := x509.NewCertPool()
 	caCertPool.AppendCertsFromPEM(caCert)

 	// Setup HTTPS client
 	tlsConfig := &tls.Config{
 		ClientCAs: caCertPool,
 		// NoClientCert
 		// RequestClientCert
 		// RequireAnyClientCert
 		// VerifyClientCertIfGiven
 		// RequireAndVerifyClientCert
 		ClientAuth: tls.RequireAndVerifyClientCert,
 	}
 	tlsConfig.BuildNameToCertificate()

 	server := &http.Server{
 		Addr:      ":8080",
 		TLSConfig: tlsConfig,
 	}

 	server.ListenAndServeTLS("selfsigned.crt", "selfsigned.key") //private cert
 }
	package main

	import (
	"crypto/tls"
	"crypto/x509"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	)

	func HelloServer(w http.ResponseWriter, req *http.Request) {
	io.WriteString(w, "hello, world!\n")
	}

	func main() {
	http.HandleFunc("/hello", HelloServer)

	caCert, err := ioutil.ReadFile("../secure-client/selfsigned.crt")
	if err != nil {
	log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	// Setup HTTPS client
	tlsConfig := &tls.Config{
	ClientCAs: caCertPool,
	// NoClientCert
	// RequestClientCert
	// RequireAnyClientCert
	// VerifyClientCertIfGiven
	// RequireAndVerifyClientCert
	ClientAuth: tls.RequireAndVerifyClientCert,
	}
	tlsConfig.BuildNameToCertificate()

	server := &http.Server{
	Addr: ":8080",
	TLSConfig: tlsConfig,
	}

	server.ListenAndServeTLS("selfsigned.crt", "selfsigned.key") //private cert
	}