Golang程序加载tls证书的代码
April 15, 2022 | 1 Minute Read
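// loadTLSConfig builds a *tls.Config from the file paths and flags in c.
//
// It optionally loads a certificate/key pair (CertFile and KeyFile, both
// required for the pair to be loaded), optionally replaces the trusted root
// pool with the PEM certificates in RootCAsFile, and copies ServerName and
// InsecureSkipVerify from c.
//
// It returns nil when a configured file cannot be read or parsed; the reason
// is logged. Callers must treat nil as an error: most crypto/tls and net/http
// entry points accept a nil *tls.Config and fall back to defaults, which would
// silently drop the custom root pool and the certificate.
//
// MinVersion is not set here, so the crypto/tls default for the Go version in
// use applies.
func loadTLSConfig(c *ServiceConfig) *tls.Config {
	cfg := &tls.Config{}

	// Certificate and private key, e.g. "example-cert.pem" and "example-key.pem".
	if len(c.CertFile) > 0 && len(c.KeyFile) > 0 {
		cert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile)
		if err != nil {
			log.Printf("Failed to load cert file or key file %v %v, error: %+v\n", c.CertFile, c.KeyFile, err)
			return nil
		}
		cfg.Certificates = []tls.Certificate{cert}
	}

	// Custom trust anchors, e.g. "root_ca.pem". Setting RootCAs replaces the
	// system pool rather than extending it.
	if len(c.RootCAsFile) > 0 {
		rootBuf, err := os.ReadFile(c.RootCAsFile)
		if err != nil {
			log.Printf("failed to read rootCAsFile %v, error: %+v\n", c.RootCAsFile, err)
			return nil
		}
		certPool := x509.NewCertPool()
		if !certPool.AppendCertsFromPEM(rootBuf) {
			// AppendCertsFromPEM reports only success or failure; there is no
			// error value to log here (err is nil after the successful read).
			log.Printf("failed to append rootCAs from %v: no valid PEM certificates found\n", c.RootCAsFile)
			return nil
		}
		cfg.RootCAs = certPool
	}

	// ServerName must match a name in the server certificate. Go 1.15 and
	// later match it against the Subject Alternative Names only and do not
	// fall back to the Common Name.
	if len(c.ServerName) > 0 {
		cfg.ServerName = c.ServerName
	}

	// InsecureSkipVerify disables verification of the server's certificate
	// chain and host name, which makes RootCAs and ServerName ineffective as
	// checks. Log it so an enabled flag is visible in deployed services.
	cfg.InsecureSkipVerify = c.InsecureSkipVerify
	if cfg.InsecureSkipVerify {
		log.Printf("warning: InsecureSkipVerify is enabled, server certificate verification is disabled\n")
	}
	return cfg
}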