crypto/tls: good defaults

R=agl1 CC=golang-dev https://golang.org/cl/851041
2024-11-18 15:54:42 -07:00 · 2010-04-05 14:38:02 -07:00 · 2010-04-05 14:38:02 -07:00 · 99d258a2f0
commit 99d258a2f0
parent 6c196015e0
2 changed files with 61 additions and 1 deletions
--- a/src/pkg/crypto/tls/common.go
+++ b/src/pkg/crypto/tls/common.go
@ -5,9 +5,13 @@
 package tls

 import (
+	"crypto/rand"
 	"crypto/rsa"
 	"io"
+	"io/ioutil"
+	"once"
 	"os"
+	"time"
 )

 const (
@ -130,3 +134,38 @@ func (nop) Sum() []byte { return nil }
 func (nop) Reset() {}

 func (nop) Size() int { return 0 }
+
+
+// The defaultConfig is used in place of a nil *Config in the TLS server and client.
+var varDefaultConfig *Config
+
+func defaultConfig() *Config {
+	once.Do(initDefaultConfig)
+	return varDefaultConfig
+}
+
+// Possible certificate files; stop after finding one.
+// On OS X we should really be using the Directory Services keychain
+// but that requires a lot of Mach goo to get at.  Instead we use
+// the same root set that curl uses.
+var certFiles = []string{
+	"/etc/ssl/certs/ca-certificates.crt", // Linux etc
+	"/usr/share/curl/curl-ca-bundle.crt", // OS X
+}
+
+func initDefaultConfig() {
+	roots := NewCASet()
+	for _, file := range certFiles {
+		data, err := ioutil.ReadFile(file)
+		if err == nil {
+			roots.SetFromPEM(data)
+			break
+		}
+	}
+
+	varDefaultConfig = &Config{
+		Rand:    rand.Reader,
+		Time:    time.Seconds,
+		RootCAs: roots,
+	}
+}
--- a/src/pkg/crypto/tls/tls.go
+++ b/src/pkg/crypto/tls/tls.go
@ -125,6 +125,9 @@ type handshaker interface {
 // Server establishes a secure connection over the given connection and acts
 // as a TLS server.
 func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn {
+	if config == nil {
+		config = defaultConfig()
+	}
 	tls := new(Conn)
 	tls.Conn = conn

@ -167,7 +170,6 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) {
 	if err != nil {
 		return
 	}
-
 	c = Server(c, l.config)
 	return
 }
@ -179,8 +181,27 @@ func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
 // NewListener creates a Listener which accepts connections from an inner
 // Listener and wraps each connection with Server.
 func NewListener(listener net.Listener, config *Config) (l *Listener) {
+	if config == nil {
+		config = defaultConfig()
+	}
 	l = new(Listener)
 	l.listener = listener
 	l.config = config
 	return
 }
+
+func Listen(network, laddr string) (net.Listener, os.Error) {
+	l, err := net.Listen(network, laddr)
+	if err != nil {
+		return nil, err
+	}
+	return NewListener(l, nil), nil
+}
+
+func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
+	c, err := net.Dial(network, laddr, raddr)
+	if err != nil {
+		return nil, err
+	}
+	return Client(c, nil), nil
+}