• TLS通信

    TLS通信

    gtcp模块支持TLS加密通信服务端及客户端,在对安全要求比较高的场景中非常必要。TLS服务端创建可以通过NewServerTLS或者NewServerKeyCrt方法实现。TLS客户端创建可以通过NewConnKeyCrt或者NewConnTLS方法实现。

    使用示例:

    https://github.com/gogf/gf/tree/master/geg/net/gtcp/tls

    1. package main
    3. import (
    4.     "fmt"
    5.     "github.com/gogf/gf/g/net/gtcp"
    6.     "github.com/gogf/gf/g/os/glog"
    7.     "github.com/gogf/gf/g/util/gconv"
    8.     "time"
    9. )
    11. func main() {
    12.     address := "127.0.0.1:8999"
    13.     crtFile := "server.crt"
    14.     keyFile := "server.key"
    15.     // TLS Server
    16.     go gtcp.NewServerKeyCrt(address, crtFile, keyFile, func(conn *gtcp.Conn) {
    17.         defer conn.Close()
    18.         for {
    19.             data, err := conn.Recv(-1)
    20.             if len(data) > 0 {
    21.                 fmt.Println(string(data))
    22.             }
    23.             if err != nil {
    24.                 // if client closes, err will be: EOF
    25.                 glog.Error(err)
    26.                 break
    27.             }
    28.         }
    29.     }).Run()
    31.     time.Sleep(time.Second)
    33.     // Client
    34.     conn, err := gtcp.NewConnKeyCrt(address, crtFile, keyFile)
    35.     if err != nil {
    36.         panic(err)
    37.     }
    38.     defer conn.Close()
    39.     for i := 0; i < 10; i++ {
    40.         if err := conn.Send([]byte(gconv.String(i))); err != nil {
    41.             glog.Error(err)
    42.         }
    43.         time.Sleep(time.Second)
    44.         if i == 5 {
    45.             conn.Close()
    46.             break
    47.         }
    48.     }
    50.     // exit after 5 seconds
    51.     time.Sleep(5 * time.Second)
    52. }

    执行后,可以看到客户端执行时报错:

    1. panic: x509: certificate has expired or is not yet valid

    那是因为我们的证书是手动创建的,并且已经过期了,为了演示方便,我们在客户端代码中去掉客户端对证书的校验。

    1. package main
    3. import (
    4.     "fmt"
    5.     "github.com/gogf/gf/g/net/gtcp"
    6.     "github.com/gogf/gf/g/os/glog"
    7.     "github.com/gogf/gf/g/util/gconv"
    8.     "time"
    9. )
    11. func main() {
    12.     address := "127.0.0.1:8999"
    13.     crtFile := "server.crt"
    14.     keyFile := "server.key"
    15.     // TLS Server
    16.     go gtcp.NewServerKeyCrt(address, crtFile, keyFile, func(conn *gtcp.Conn) {
    17.         defer conn.Close()
    18.         for {
    19.             data, err := conn.Recv(-1)
    20.             if len(data) > 0 {
    21.                 fmt.Println(string(data))
    22.             }
    23.             if err != nil {
    24.                 // if client closes, err will be: EOF
    25.                 glog.Error(err)
    26.                 break
    27.             }
    28.         }
    29.     }).Run()
    31.     time.Sleep(time.Second)
    33.     // Client
    34.     tlsConfig, err := gtcp.LoadKeyCrt(crtFile, keyFile)
    35.     if err != nil {
    36.         panic(err)
    37.     }
    38.     tlsConfig.InsecureSkipVerify = true
    40.     conn, err := gtcp.NewConnTLS(address, tlsConfig)
    41.     if err != nil {
    42.         panic(err)
    43.     }
    44.     defer conn.Close()
    45.     for i := 0; i < 10; i++ {
    46.         if err := conn.Send([]byte(gconv.String(i))); err != nil {
    47.             glog.Error(err)
    48.         }
    49.         time.Sleep(time.Second)
    50.         if i == 5 {
    51.             conn.Close()
    52.             break
    53.         }
    54.     }
    56.     // exit after 5 seconds
    57.     time.Sleep(5 * time.Second)
    58. }

    执行后,终端输出结果为:

    1. 0
    2. 1
    3. 2
    4. 3
    5. 4
    6. 5
    7. 2019-06-05 00:13:12.488 [ERRO] EOF 
    8. Stack:
    9. 1. /Users/john/Workspace/Go/GOPATH/src/github.com/gogf/gf/geg/net/gtcp/tls/gtcp_server_client.go:25

    其中客户端在5秒后关闭了连接,因此服务端在接收数据时获取到了一个EOF错误,这种错误在正式使用中我们直接忽略,报错时服务端直接关闭客户端连接即可。