author | atanarjuat <atanarjuat@example.com> | 2022-05-30 13:37:16 +0200 |
---|---|---|
committer | atanarjuat <atanarjuat@example.com> | 2022-05-30 13:37:16 +0200 |
commit | 50c5fdc8a15f37d506292b02eef992e83752152b (patch) | |
tree | 2c711b8f0e96f77c9317235e14ff2058f32a7962 /tls.go | |
parent | 6e531a35a57887d0b5764f34e16225ffdf0ee8e7 (diff) |
quic explorations
Diffstat (limited to 'tls.go')
-rw-r--r-- | tls.go | 34 |
1 files changed, 34 insertions, 0 deletions
@@ -0,0 +1,34 @@
+package obfsvpn
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/pem"
+ "math/big"
+)
+
+// Setup a bare-bones TLS config for the server
+func generateTLSConfig() *tls.Config {
+ key, err := rsa.GenerateKey(rand.Reader, 1024)
+ if err != nil {
+ panic(err)
+ }
+ template := x509.Certificate{SerialNumber: big.NewInt(1)}
+ certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
+ if err != nil {
+ panic(err)
+ }
+ keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
+ certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
+
+ tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
+ if err != nil {
+ panic(err)
+ }
+ return &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ NextProtos: []string{"quic-echo-example"},
+ }
+} |
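Review bot: `rsa.GenerateKey(rand.Reader, 1024)` in generateTLSConfig creates a 1024-bit RSA key, which is below the 2048-bit floor generally expected for a server certificate, even in exploratory code; use `key, err := rsa.GenerateKey(rand.Reader, 2048)` or switch to an ECDSA P-256 key. The template sets only `SerialNumber: big.NewInt(1)`, so the self-signed certificate has zero-value NotBefore/NotAfter and no subject or SANs, and a fresh one is generated on every call. A client can therefore only accept it by skipping verification, which is presumably what the client side (not visible here) does, leaving the QUIC connection without server authentication. If that is intended for the prototype, say so in the doc comment, e.g. `// generateTLSConfig returns a throwaway self-signed TLS config for QUIC experiments; it provides no server authentication.` The three `panic(err)` calls would be better surfaced through a `(*tls.Config, error)` return before this code leaves the exploration stage.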