阅读背景:

使用自签CA,Server,client证书和双向认证

来源:互联网 

服务端代码

package main

import (
    "crypto/tls"
    "crypto/x509"
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
    "grpcpro/services"
    "io/ioutil"
    "net"
)

func main()  {
    cert,_:=tls.LoadX509KeyPair("cert/server.pem","cert/server.key")
    certPool := x509.NewCertPool()
    ca, _ := ioutil.ReadFile("cert/ca.pem")
    certPool.AppendCertsFromPEM(ca)

    creds:=credentials.NewTLS(&tls.Config{
        Certificates: []tls.Certificate{cert},//服务端证书
        ClientAuth:   tls.RequireAndVerifyClientCert,
        ClientCAs:    certPool,
    })


    rpcServer:=grpc.NewServer(grpc.Creds(creds))
    services.RegisterProdServiceServer(rpcServer,new(services.ProdService))
    lis,_:=net.Listen("tcp",":8081")
    rpcServer.Serve(lis)

    //以下注释为grpc提供http服务代码
    //mux:=http.NewServeMux()
    //mux.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
    //     rpcServer.ServeHTTP(writer,request)
    //})
    //httpServer:=&http.Server{
    //    Addr:":8081",
    //    Handler:mux,
    //}
    //httpServer.ListenAndServeTLS("keys/server.crt","keys/server.key")

}
package main

import (
    



你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: