Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Upgrade a connection to TLS in Go

Tags:

ssl

go

I have an open TCP connection and read from it with a for loop like so

for {
  // tx.Text is of type textproto.Conn
  // the underlying connection is stored in tx.Conn
  l, err := tx.Text.Reader.ReadLine()

  // do stuff with the text line ...
}

Now I want to upgrade the connection to TLS like this (TlsConf contains a certificate loaded with tls.LoadX509KeyPair)

tx.Conn = tls.Server(tx.Conn, tx.Server.Conf.TlsConf)
tx.Text = textproto.NewConn(tx.Conn)

When I do this I get a segmentation fault on the client when the server attempts a handshake. I'm implementing a SMTP server and am testing it with swaks using the -tls flag. The terminal output of swaks is the following

-> STARTTLS
<-  220 Start TLS
Segmentation fault: 11

Since swaks is a tested tool, and worked with the nodeJS SMTP implementation I had before, I don't suspect the error is on the client side.

What did I do wrong or what is missing?

PS: When a TLS connection is started from an existing insecure connection, what does exactly happen? Does the client establish a new connection on a different port or is the connection reused?

like image 808
Era Avatar asked Oct 28 '12 16:10

Era

1 Answers

Here's how to upgrade a net.conn to tls.con:

1) Somewhere in your code, you have these variables defined

var TLSconfig *tls.Config
...
// conn is a normal connection of type net.Conn
conn, err := listener.Accept()
...

2) Initialize TLSConfig somewhere above, do something like this

cert, err := tls.LoadX509KeyPair("/path/to/cert", "/path/to/key")
if err != nil {
    // ...
}
TLSconfig = &tls.Config{
Certificates: []tls.Certificate{cert}, 
ClientAuth: tls.VerifyClientCertIfGiven, 
ServerName: "example.com"}

3) At this point you are reading/writing to a standard connection.

When the client issues STARTTLS command, do this in your server:

// Init a new TLS connection. I need a *tls.Conn type 
// so that I can do the Handshake()
var tlsConn *tls.Conn
tlsConn = tls.Server(client.socket, TLSconfig)
// run a handshake
tlsConn.Handshake()
// Here is the trick. Since I do not need to access 
// any of the TLS functions anymore,
// I can convert tlsConn back in to a net.Conn type
conn = net.Conn(tlsConn)

Next, you may probably update your buffers with the new connection, etc.

Test your server like this:

openssl s_client -starttls smtp -crlf -connect  example.com:25

This allows you to interact with the server through the tls connection and you can issue some commands, etc.

More about conversions in Go

I guess conversions are another reason for what makes Go so powerful!

http://golang.org/ref/spec#Conversions

http://golang.org/doc/effective_go.html#conversions

like image 172
Allen Hamilton Avatar answered Oct 15 '22 08:10

Allen Hamilton
Sign in to Comment

Related questions

Calling a pointer method on a struct in a map
How to keep track of the count of instances of a type?
Rails RSpec like testing in Google Go
How to pass data struct as parameter in golang
How can you decode multiple message types with golang websockets?
how preload a full hierarchy in GO using GORM
Declare recursive/multidimensional map
Reference a boolean for assignment in a struct
Is encoding/gob deterministic?
How to detect if two Golang net.IPNet objects intersect?
Error: Non-standard import "gopkg.in/yaml.v2" in standard package
Features obligatory for TERM=dumb terminal
Why can't I find the ID using the mgo library of golang?
Go Getter Methods vs Fields, Proper Naming
Golang - go run takes long to execute
OpenAPI spec validation in Golang
How to unmarshall viper config to struct with dash character
How to filter fields from a mongo document with the official mongo-go-driver
How do Go web apps function from a server perspective?
Send stdin keystrokes to channel without newline required

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!