2 tofuproxy -- HTTP proxy with TLS certificates management
3 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, version 3 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
34 cert *x509.Certificate
// hostCerts maps a string key to a *Keypair (presumably the host name to its
// generated leaf keypair; verify against the callers).
// NOTE(review): a plain Go map is not safe for concurrent read/write. No lock
// is visible in this excerpt; confirm that every access is serialized.
39 hostCerts = make(map[string]*Keypair)
// Serial-number seeding (the surrounding lines are not part of this excerpt).
// SetBit turns on bit 128 of max; rand.Int then draws Serial uniformly from
// [0, max) using rand.Reader as the entropy source.
// NOTE(review): the rand.Int(rand.Reader, ...) call shape matches crypto/rand;
// confirm against the import block. The handling of err is not visible here.
46 max = max.SetBit(max, 128, 1)
48 Serial, err = rand.Int(rand.Reader, max)
56 caCert *x509.Certificate,
57 caPrv crypto.PrivateKey,
// Leaf-certificate issuance for one host (the function signature and several
// intermediate lines are outside this excerpt).
// A fresh ECDSA P-256 private key is generated for every certificate.
59 prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
// Validity window: from the current time to 24 hours later.
// NOTE(review): notBefore is not backdated, so a client whose clock runs
// behind this machine may see the certificate as not yet valid.
64 notBefore := time.Now()
65 notAfter := notBefore.Add(24 * time.Hour)
// Add stores Serial+1 back into Serial, so the same big.Int is mutated on
// every call.
// NOTE(review): no synchronization is visible here; confirm that callers
// serialize access if certificates can be issued from several goroutines.
66 Serial = Serial.Add(Serial, big.NewInt(1))
67 template := x509.Certificate{
// host is used both as the subject CommonName and as the only DNS SAN.
// NOTE(review): if host can be an IP literal it would need an IPAddresses
// SAN instead of a DNSNames entry; confirm what callers pass.
69 Subject: pkix.Name{CommonName: host},
70 DNSNames: []string{host},
// The template is signed with caPrv, with caCert as the issuer certificate;
// pub is the subject public key (its derivation is not shown in this excerpt).
74 certRaw, err := x509.CreateCertificate(
75 rand.Reader, &template, caCert, pub, caPrv,
// The DER output is parsed back so the Keypair carries an *x509.Certificate.
80 cert, err := x509.ParseCertificate(certRaw)
// Returns the parsed certificate together with its private key.
84 return &Keypair{cert, prv}