How to use this package in https?
zhangcunli opened this issue · 5 comments
I want to use tls-psk in an HTTPS client, but I can't get it to build.

```go
tr := &http.Transport{
	TLSClientConfig: &tls.Config{
		InsecureSkipVerify: true,
		CipherSuites:       []uint16{psk.TLS_PSK_WITH_AES_128_CBC_SHA},
		Certificates:       []tls.Certificate{tls.Certificate{}},
		Extra: psk.PSKConfig{
			GetKey:      getKey,
			GetIdentity: getIdentity,
		},
	},
}
client := &http.Client{Transport: tr}
```
What error do you get? What version of Go are you using?

@raff
Hi, I use "go version go1.13.4 linux/amd64", and checked out tls-ext and tls-psk to branch tls13.
I got this error:

```
# command-line-arguments
./clientpsk1.go:44:3: cannot use &"github.com/raff/tls-ext".Config literal (type *"github.com/raff/tls-ext".Config) as type *"crypto/tls".Config in field value
```
Well, the issue is that tls-ext.Config is not tls.Config (it's a super-set, but from the compiler's point of view it is a completely different type).
If you really wanted to get this working, you could try to fork/vendor net/http and replace the references to net/tls with raff/tls-ext.
Thanks.
@zhangcunli Maybe your issue is still there and you could try this:

```go
// *http.Transport (pointer) is what implements http.RoundTripper.
transport := &http.Transport{
	DisableCompression: true,
	DialTLSContext:     c.tlsContext(),
}
inner := http.Client{
	Transport: transport,
	Timeout:   120 * time.Second,
}
```
The idea is to provide the HTTP transport:

```go
// tlsConfig builds the PSK client configuration. The tls package here is
// github.com/raff/tls-ext (it has the Extra field), not crypto/tls.
func (c *Client) tlsConfig() *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		CipherSuites:       []uint16{psk.TLS_PSK_WITH_AES_128_CBC_SHA},
		Certificates:       []tls.Certificate{tls.Certificate{}},
		Extra: psk.PSKConfig{
			GetIdentity: func() string {
				return c.config.ID
			},
			GetKey: func(identity string) ([]byte, error) {
				return []byte(c.config.Key), nil
			},
		},
	}
}

// tlsContext returns the hook for http.Transport.DialTLSContext.
// ctx is not passed on: tls.Dial takes no context.
func (c *Client) tlsContext() func(ctx context.Context, network, addr string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		return tls.Dial(network, addr, c.tlsConfig())
	}
}
```
But it's not working on the handshake level. I have an error on the server side:

```
tls: certificate private key (<nil>) does not implement crypto.Signer
```
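The `DialTLSContext` approach in the comment above gets past the type error because the hook only has to return a `net.Conn`, so `net/http` never needs a `*crypto/tls.Config`. The following is an added example, not code from this thread or from tls-ext: standard `crypto/tls` stands in for tls-ext so it runs offline, the local test server is constructed, and `foreignConn`, `dialWith` and `fetch` are hypothetical names.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
)

// foreignConn hides the concrete type: net/http sees only a net.Conn, as with tls-ext.
type foreignConn struct{ net.Conn }

// dialWith returns a DialTLSContext hook; crypto/tls stands in for tls-ext here.
func dialWith(cfg *tls.Config) func(ctx context.Context, network, addr string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		raw, err := (&net.Dialer{}).DialContext(ctx, network, addr) // honours ctx cancellation
		if err != nil {
			return nil, err
		}
		c := cfg.Clone() // never mutate the shared config
		c.ServerName, _, _ = net.SplitHostPort(addr)
		conn := tls.Client(raw, c)
		if err := conn.HandshakeContext(ctx); err != nil {
			raw.Close()
			return nil, err
		}
		return foreignConn{conn}, nil
	}
}

// fetch calls a constructed local HTTPS server through the hook; the bool is resp.TLS != nil.
func fetch() (string, bool, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok over custom dial") }))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate
	client := &http.Client{Transport: &http.Transport{DialTLSContext: dialWith(&tls.Config{RootCAs: pool})}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", false, err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), resp.TLS != nil, err
}
func main() { fmt.Println(fetch()) }
```

Because the transport never sees a `*crypto/tls.Conn`, `resp.TLS` is nil, so anything that inspects the negotiated session has to read it from the custom connection instead.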