1

Is it possible to fit a m.GetCertificate into a GRPC client / server?

   m := &autocert.Manager{
        Cache:      autocert.DirCache("tls"),
        Prompt:     autocert.AcceptTOS,
        HostPolicy: autocert.HostWhitelist("example.com"),
    }
    go http.ListenAndServe(":http", m.HTTPHandler(nil))
    cert, err := m.GetCertificate(...)
    if err != nil {
        t.Fatalf("Failed to generate certificates %s", err)
    }
    creds := credentials.NewServerTLSFromCert(cert)
    srv := grpc.NewServer(grpc.Creds(creds))
    reflection.Register(srv)

https://godoc.org/golang.org/x/crypto/acme/autocert

Gert Cuykens
  • 6,845
  • 13
  • 50
  • 84

1 Answers1

0

https://github.com/golang/go/issues/24894

Use NewTLS instead of NewServerTLSFromCert.

https://godoc.org/google.golang.org/grpc/credentials#NewTLS

Credits to FiloSottile

    m := &autocert.Manager{
    Cache:      autocert.DirCache("tls"),
    Prompt:     autocert.AcceptTOS,
    HostPolicy: autocert.HostWhitelist("example.com"),
}
go http.ListenAndServe(":http", m.HTTPHandler(nil))
creds := credentials.NewTLS(&tls.Config{GetCertificate: m.GetCertificate})
srv := grpc.NewServer(grpc.Creds(creds))
reflection.Register(srv)
Gert Cuykens
  • 6,845
  • 13
  • 50
  • 84