Create new function ListenAndServeTLS to easy run a DNS server with TLS support

Using the ListenAndServe with network as "tcp-tls" will cause an error, as the certificates weren't informed. To solve that we created the function ListenAndServeTLS that will configure a DNS server listening TCP and handling requests on incoming TLS connections. See #297
2016-01-08 13:20:22 -02:00 · 2016-01-08 13:20:22 -02:00 · 72c041d2f5
parent a9978c4481
commit 72c041d2f5
1 changed files with 26 additions and 1 deletions
--- a/server.go
+++ b/server.go
@ -93,13 +93,38 @@ func HandleFailed(w ResponseWriter, r *Msg) {

 func failedHandler() Handler { return HandlerFunc(HandleFailed) }

-// ListenAndServe Starts a server on addresss and network speficied. Invoke handler
+// ListenAndServe Starts a server on address and network specified Invoke handler
 // for incoming queries.
 func ListenAndServe(addr string, network string, handler Handler) error {
 	server := &Server{Addr: addr, Net: network, Handler: handler}
 	return server.ListenAndServe()
 }

+// ListenAndServeTLS acts identically to ListenAndServe, except that it
+// expects TLS connections. Additionally, files containing a certificate and
+// matching private key for the server must be provided. If the certificate
+// is signed by a certificate authority, the certFile should be the concatenation
+// of the server's certificate, any intermediates, and the CA's certificate.
+func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error {
+	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		return err
+	}
+
+	config := tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}
+
+	server := &Server{
+		Addr:      addr,
+		Net:       "tcp-tls",
+		TLSConfig: &config,
+		Handler:   handler,
+	}
+
+	return server.ListenAndServe()
+}
+
 // ActivateAndServe activates a server with a listener from systemd,
 // l and p should not both be non-nil.
 // If both l and p are not nil only p will be used.