raff/tls-psk

How to use this package in https?

zhangcunli opened this issue · 5 comments

I want to use tls-psk in an https client, but it can't be built successfully.

	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
			CipherSuites:       []uint16{psk.TLS_PSK_WITH_AES_128_CBC_SHA},
			Certificates:       []tls.Certificate{tls.Certificate{}},
			Extra: psk.PSKConfig{
				GetKey:      getKey,
				GetIdentity: getIdentity,
			},
		},
	}

	client := &http.Client{Transport: tr}
raff commented

What error do you get? What version of Go are you using?

@raff
Hi, I use "go version go1.13.4 linux/amd64", and checked out tls-ext and tls-psk to the branch tls13.

I got this error:

# command-line-arguments
./clientpsk1.go:44:3: cannot use &"github.com/raff/tls-ext".Config literal (type *"github.com/raff/tls-ext".Config) as type *"crypto/tls".Config in field value
raff commented

Well, the issue is that tls-ext.Config is not tls.Config (it's a super-set, but from the compiler's point of view it is a completely different type).

If you really wanted to get this working you could try to fork/vendor net/http and replace the references to net/tls with raff/tls-ext.

> Well, the issue is that tls-ext.Config is not tls.Config (it's a super-set, but from the compiler's point of view it is a completely different type).
>
> If you really wanted to get this working you could try to fork/vendor net/http and replace the references to net/tls with raff/tls-ext.

Thanks.

@zhangcunli Maybe your issue is still there, and you could try this:

	// http.Transport implements RoundTripper with pointer receivers,
	// so the client has to be handed &transport, not the struct value.
	transport := http.Transport{
		DisableCompression: true,
		DialTLSContext:     c.tlsContext(),
	}

	inner := http.Client{
		Transport: &transport,
		Timeout:   120 * time.Second,
	}

The idea is to provide an http transport with its own TLS dialer:

// tls here is github.com/raff/tls-ext (its Config carries the Extra field);
// psk is github.com/raff/tls-psk.
func (c *Client) tlsConfig() *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		CipherSuites:       []uint16{psk.TLS_PSK_WITH_AES_128_CBC_SHA},
		Certificates:       []tls.Certificate{tls.Certificate{}},
		Extra: psk.PSKConfig{
			GetIdentity: func() string {
				return c.config.ID
			},
			GetKey: func(identity string) ([]byte, error) {
				return []byte(c.config.Key), nil
			},
		},
	}
}

// tlsContext returns the DialTLSContext hook: net/http never sees the
// tls-ext Config, it only receives the connection the dialer hands back.
func (c *Client) tlsContext() func(ctx context.Context, network, addr string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		return tls.Dial(network, addr, c.tlsConfig())
	}
}

But it's not working at the handshake level. I have an error on the server side:

tls: certificate private key (<nil>) does not implement crypto.Signer
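Added example, not code from the thread or from the raff packages: a complete net/http client built the way the last comment suggests, with the handshake delegated to DialTLSContext. Plain crypto/tls with certificate verification stands in for the tls-psk dialer (the point is the hook, not the cipher), and the `NewTransport`, `certDialer` and `Fetch` names are my own. It also shows that once a custom dialer is in place net/http ignores TLSClientConfig entirely, so server authentication lives in the dialer and nowhere else.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
)

// NewTransport is the transport from the thread. net/http only wants the finished net.Conn
// from DialTLSContext, so a handshake done by tls-ext/tls-psk fits even though its Config is
// not *tls.Config. TLSClientConfig is then ignored: authenticating the server is the dialer's job.
func NewTransport(dial func(context.Context, string, string) (net.Conn, error)) *http.Transport {
	return &http.Transport{DisableCompression: true, DialTLSContext: dial}
}

// certDialer stands in for the tls-psk dialer with plain crypto/tls, verifying the server against roots.
func certDialer(roots *x509.CertPool) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		return (&tls.Dialer{Config: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}}).DialContext(ctx, network, addr)
	}
}

// Fetch runs one GET against an in-process TLS server through the custom dialer. With trust=false
// the root pool is empty, so the handshake fails inside the dialer; the Transport itself checks nothing.
func Fetch(trust bool) (string, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "hello via DialTLSContext") }))
	defer srv.Close()
	roots := x509.NewCertPool()
	if trust {
		roots.AddCert(srv.Certificate()) // trust only the test server's self-signed certificate
	}
	client := &http.Client{Transport: NewTransport(certDialer(roots))}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	fmt.Println(Fetch(true))
	fmt.Println(Fetch(false))
}
```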