1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package tls partially implements TLS 1.2, as specified in RFC 5246.
21 // Server returns a new TLS server side connection
22 // using conn as the underlying transport.
23 // The configuration config must be non-nil and must have
24 // at least one certificate.
25 func Server(conn net.Conn, config *Config) *Conn {
26 return &Conn{conn: conn, config: config}
29 // Client returns a new TLS client side connection
30 // using conn as the underlying transport.
31 // The config cannot be nil: users must set either ServerHostname or
32 // InsecureSkipVerify in the config.
33 func Client(conn net.Conn, config *Config) *Conn {
34 return &Conn{conn: conn, config: config, isClient: true}
37 // A listener implements a network listener (net.Listener) for TLS connections.
38 type listener struct {
43 // Accept waits for and returns the next incoming TLS connection.
44 // The returned connection c is a *tls.Conn.
45 func (l *listener) Accept() (c net.Conn, err error) {
46 c, err = l.Listener.Accept()
50 c = Server(c, l.config)
54 // NewListener creates a Listener which accepts connections from an inner
55 // Listener and wraps each connection with Server.
56 // The configuration config must be non-nil and must have
57 // at least one certificate.
58 func NewListener(inner net.Listener, config *Config) net.Listener {
65 // Listen creates a TLS listener accepting connections on the
66 // given network address using net.Listen.
67 // The configuration config must be non-nil and must have
68 // at least one certificate.
69 func Listen(network, laddr string, config *Config) (net.Listener, error) {
70 if config == nil || len(config.Certificates) == 0 {
71 return nil, errors.New("tls.Listen: no certificates in configuration")
73 l, err := net.Listen(network, laddr)
77 return NewListener(l, config), nil
80 type timeoutError struct{}
82 func (timeoutError) Error() string { return "tls: DialWithDialer timed out" }
83 func (timeoutError) Timeout() bool { return true }
84 func (timeoutError) Temporary() bool { return true }
86 // DialWithDialer connects to the given network address using dialer.Dial and
87 // then initiates a TLS handshake, returning the resulting TLS connection. Any
88 // timeout or deadline given in the dialer apply to connection and TLS
89 // handshake as a whole.
91 // DialWithDialer interprets a nil configuration as equivalent to the zero
92 // configuration; see the documentation of Config for the defaults.
93 func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) {
94 // We want the Timeout and Deadline values from dialer to cover the
95 // whole process: TCP connection and TLS handshake. This means that we
96 // also need to start our own timers now.
97 timeout := dialer.Timeout
99 if !dialer.Deadline.IsZero() {
100 deadlineTimeout := dialer.Deadline.Sub(time.Now())
101 if timeout == 0 || deadlineTimeout < timeout {
102 timeout = deadlineTimeout
106 var errChannel chan error
109 errChannel = make(chan error, 2)
110 time.AfterFunc(timeout, func() {
111 errChannel <- timeoutError{}
115 rawConn, err := dialer.Dial(network, addr)
120 colonPos := strings.LastIndex(addr, ":")
124 hostname := addr[:colonPos]
127 config = defaultConfig()
129 // If no ServerName is set, infer the ServerName
130 // from the hostname we're connecting to.
131 if config.ServerName == "" {
132 // Make a copy to avoid polluting argument or default.
134 c.ServerName = hostname
138 conn := Client(rawConn, config)
141 err = conn.Handshake()
144 errChannel <- conn.Handshake()
158 // Dial connects to the given network address using net.Dial
159 // and then initiates a TLS handshake, returning the resulting
161 // Dial interprets a nil configuration as equivalent to
162 // the zero configuration; see the documentation of Config
164 func Dial(network, addr string, config *Config) (*Conn, error) {
165 return DialWithDialer(new(net.Dialer), network, addr, config)
168 // LoadX509KeyPair reads and parses a public/private key pair from a pair of
169 // files. The files must contain PEM encoded data.
170 func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error) {
171 certPEMBlock, err := ioutil.ReadFile(certFile)
175 keyPEMBlock, err := ioutil.ReadFile(keyFile)
179 return X509KeyPair(certPEMBlock, keyPEMBlock)
182 // X509KeyPair parses a public/private key pair from a pair of
184 func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
185 var certDERBlock *pem.Block
187 certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
188 if certDERBlock == nil {
191 if certDERBlock.Type == "CERTIFICATE" {
192 cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
196 if len(cert.Certificate) == 0 {
197 err = errors.New("crypto/tls: failed to parse certificate PEM data")
201 var keyDERBlock *pem.Block
203 keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock)
204 if keyDERBlock == nil {
205 err = errors.New("crypto/tls: failed to parse key PEM data")
208 if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
213 cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
218 // We don't need to parse the public key for TLS, but we so do anyway
219 // to check that it looks sane and matches the private key.
220 x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
225 switch pub := x509Cert.PublicKey.(type) {
227 priv, ok := cert.PrivateKey.(*rsa.PrivateKey)
229 err = errors.New("crypto/tls: private key type does not match public key type")
232 if pub.N.Cmp(priv.N) != 0 {
233 err = errors.New("crypto/tls: private key does not match public key")
236 case *ecdsa.PublicKey:
237 priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
239 err = errors.New("crypto/tls: private key type does not match public key type")
243 if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
244 err = errors.New("crypto/tls: private key does not match public key")
248 err = errors.New("crypto/tls: unknown public key algorithm")
255 // Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
256 // PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
257 // OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
258 func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
259 if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
262 if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
263 switch key := key.(type) {
264 case *rsa.PrivateKey, *ecdsa.PrivateKey:
267 return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
270 if key, err := x509.ParseECPrivateKey(der); err == nil {
274 return nil, errors.New("crypto/tls: failed to parse private key")