golang简单实现一个基于TLS/SSL的 TCP服务器和客户端

本篇文章介绍一下使用TLS/SSL创建安全的TCP通信,首先我们要准备一个数字证书和一个密钥关于如何产生密钥,请看下面文章：

Author: 岳东卫
Email: usher.yue@gmail.com

通过Openssl创建数字证书和密钥

关于如何通过Openssl创建证书和私钥

TLS服务器端代码

package main

import (
    "crypto/rand"
    "crypto/tls"
    "fmt"
    "log"
    "net"
    "time"
)

func HandleClientConnect(conn net.Conn) {
    defer conn.Close()
    fmt.Println("Receive Connect Request From ", conn.RemoteAddr().String())
    buffer := make([]byte, 1024)
    for {
        len, err := conn.Read(buffer)
        if err != nil {
            log.Println(err.Error())
            break
        }
        fmt.Printf("Receive Data: %s\n", string(buffer[:len]))
        //发送给客户端
        _, err = conn.Write([]byte("服务器收到数据:" + string(buffer[:len])))
        if err != nil {
            break
        }
    }
    fmt.Println("Client " + conn.RemoteAddr().String() + " Connection Closed.....")
}

func main() {
    crt, err := tls.LoadX509KeyPair("server.crt", "server.key")
    if err != nil {
        log.Fatalln(err.Error())
    }
    tlsConfig := &tls.Config{}
    tlsConfig.Certificates = []tls.Certificate{crt}
    // Time returns the current time as the number of seconds since the epoch.
    // If Time is nil, TLS uses time.Now.
    tlsConfig.Time = time.Now
    // Rand provides the source of entropy for nonces and RSA blinding.
    // If Rand is nil, TLS uses the cryptographic random reader in package
    // crypto/rand.
    // The Reader must be safe for use by multiple goroutines.
    tlsConfig.Rand = rand.Reader
    l, err := tls.Listen("tcp", ":8888", tlsConfig)
    if err != nil {
        log.Fatalln(err.Error())
    }
    for {
        conn, err := l.Accept()
        if err != nil {
            fmt.Println(err.Error())
            continue
        } else {
            go HandleClientConnect(conn)
        }
    }

}

TLS客户端代码

package main

import (
    "crypto/tls"
    "fmt"
    "io"
    "time"

    "log"
)

func main() {
    //注意这里要使用证书中包含的主机名称
    conn, err := tls.Dial("tcp", "abc.com:8888", nil)
    if err != nil {
        log.Fatalln(err.Error())
    }
    defer conn.Close()
    log.Println("Client Connect To ", conn.RemoteAddr())
    status := conn.ConnectionState()
    fmt.Printf("%#v\n", status)
    buf := make([]byte, 1024)
    ticker := time.NewTicker(1 * time.Millisecond * 500)
    for {
        select {
        case <-ticker.C:
            {
                _, err = io.WriteString(conn, "hello")
                if err != nil {
                    log.Fatalln(err.Error())
                }
                len, err := conn.Read(buf)
                if err != nil {
                    fmt.Println(err.Error())
                } else {
                    fmt.Println("Receive From Server:", string(buf[:len]))
                }
            }
        }
    }

}