Is this go gettable? crypto/tls/generate_cert.go


mhh...@gmail.com

Nov 3, 2016, 8:40:31 AM
to golang-nuts
Hi,

I'd like to know if I can go get this bin available here:

https://golang.org/src/crypto/tls/generate_cert.go

I think I can not, but I'd like to be sure.

If that is not go gettable, is there any problem
if I re-pack this into a specific module
to provide support for go get, windows/debian/rpm installers?

Thanks!

Jan Mercl

Nov 3, 2016, 8:54:44 AM
to mhh...@gmail.com, golang-nuts
On Thu, Nov 3, 2016 at 1:40 PM <mhh...@gmail.com> wrote:

> to provide support for go get, windows/debian/rpm installers?

I probably do not understand the goal correctly, but: If the user can do `go get` then he has the go tool installed. That means he has Go installed. That means he does not have to go get the crypto/tls package as it is already sitting in his $GOROOT/src/crypto/tls.

--

-j

mhh...@gmail.com

Nov 3, 2016, 9:11:26 AM
to golang-nuts, mhh...@gmail.com
Hi, thanks for the feedback.

The goal is to have a binary to generate self-signed certificates in an instant.

That I also want to provide installers is because (it's my sauce)
I believe there's a world beyond the Go community to whom Go wonders can be helpful;
this is an easy goal to reach because Go is super easy to cross compile, and I already have those tools.

Cherries on the cake.

Now, from a pure Go community point of view, I think it's better to implement something like
https://godoc.org/golang.org/x/crypto/acme/autocert

A tls config with a certificate provider which would generate those keys/certs in memory (probably?) and make it as easy as this to set up a local development environment with ssl support:

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
	"time"

	"golang.org/x/crypto/acme/autocert"
)

func letsEncryptServe(addr string, dns string, cache string, router http.Handler) {
	cacheDir := autocert.DirCache(cache)
	m := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(dns),
		Cache:      cacheDir,
	}

	// configure the https server
	ssrv := &http.Server{
		Handler:      router,
		Addr:         addr,
		WriteTimeout: 15 * time.Second,
		ReadTimeout:  15 * time.Second,
		TLSConfig:    &tls.Config{GetCertificate: m.GetCertificate},
	}
	fmt.Printf("Server running on %v\n", ssrv.Addr)

	// start the ssl server
	log.Fatal(ssrv.ListenAndServeTLS("", ""))
}

Maybe that already exists and I missed it?

Back to my original question, is it ok if I copy-paste the code into a specific module with its appropriate credits?
Given the quick read I gave it, there's really not much to change in this code, if it works already.

Diego Medina

Nov 3, 2016, 9:46:40 AM
to golang-nuts, mhh...@gmail.com

> Back to my original question, is it ok if I copy-paste the code into a specific module with its appropriate credits?
> Given the quick read I gave it, there's really not much to change in this code, if it works already.


At the top of that file it says:

// Use of this source code is governed by a BSD-style

So, as long as your binary doesn't break the BSD license, it should be ok.

Regarding using autocert with let's encrypt for local dev, let's encrypt limits the number of certs you can get in (X days, I can't remember the limit), so if you load them just in memory, you would run into issues sooner or later. And it doesn't really work for local dev: let's encrypt needs to reach your server to validate that you own the domain (you could set up your router to allow external incoming requests, set up dns to point to your house/office/etc., but this isn't the normal dev env.)

Hope that helps.

Regards,

Diego

mhh...@gmail.com

Nov 3, 2016, 10:27:44 AM
to golang-nuts, mhh...@gmail.com
Hi,

Thanks, ok, good to go then!


> And, it doesn't really work for local dev

Yeah, I figured this out after some reading.
Some resources explain that it might be possible to work with letsencrypt for local domains,
but the setup is complex (my taste) and adds additional maintenance.

What I want to do is to ease the dev setup,
which is annoying because to get ssl working you need
- to install openssl on the computer
- to run the appropriate commands

In an environment with various skills this is annoying: either you've got to write
an Nth whole readme (like this one https://gist.github.com/denji/12b3a568f092ab951456)
and hope people will catch up,
and you also hope they won't run into additional troubles
because some use windows, others macos, others linux,
different openssl versions.

Or you store that data in the VCS, but it has nothing to do there,
and if your project is public and hosted on github/bitbucket/whatever,
it's not fair to store trash data there.

On the other hand, if I can have just one program to generate those files,
and put a one-liner in the doc,
that's done,
that doesn't pollute the vcs,
that works well for everyone,
that's reusable for non-Go projects.

Yet for Go projects, I believe, this can be replaced
with an in-memory certificate provider;
it only requires creating a certificate provider
like acme does and figuring out the details.

anyway, my sauce!


thanks again.
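As an added example (not code from this thread, from Go's generate_cert.go, or from the autocert package), here is the in-memory certificate provider the last post describes, plugged into the same tls.Config.GetCertificate hook the earlier autocert-based server used: it builds a self-signed certificate with crypto/x509 the way generate_cert.go does, but keeps it in memory so nothing lands on disk or in the VCS. The names selfSignedCert and devTLSConfig are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// selfSignedCert builds a self-signed leaf certificate for hosts entirely in memory,
// following the same steps generate_cert.go takes, minus writing cert.pem/key.pem.
func selfSignedCert(hosts []string, ttl time.Duration) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil {
		return tls.Certificate{}, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{Organization: []string{"local dev"}}, // constructed sample subject
		NotBefore:    now.Add(-time.Minute),                          // tolerate small clock skew
		NotAfter:     now.Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     hosts, // SANs; browsers ignore the CN
	}
	// The template is also the parent: that is what makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// devTLSConfig hands the in-memory certificate out through GetCertificate, the hook autocert.Manager uses.
func devTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		MinVersion:     tls.VersionTLS12,
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &cert, nil },
	}
}
```

Set `TLSConfig: devTLSConfig(cert)` on the http.Server from the earlier post and call ListenAndServeTLS("", "") as before; a browser will still warn, since the certificate is not issued by a trusted CA.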