feat:根据SNI返回SSL证书

2025-08-08 06:32:04 +08:00 · 2023-04-17 11:07:39 +00:00
parent 8798de0d6d
commit 609a893feb
4 changed files with 74 additions and 9 deletions
--- a/server/admin/api_cert.go
+++ b/server/admin/api_cert.go
@@ -46,7 +46,7 @@ func CustomCert(w http.ResponseWriter, r *http.Request) {
 		RespError(w, RespInternalErr, fmt.Sprintf("证书不合法，请重新上传:%v", err))
 		return
 	} else {
-		dbdata.TLSCert = tlscert
+		dbdata.LoadCertificate(tlscert)
 	}
 	RespSucess(w, "上传成功")
 }
--- a/server/admin/server.go
+++ b/server/admin/server.go
@@ -104,7 +104,7 @@ func StartAdmin() {
 		base.Error(err)
 		return
 	} else {
-		dbdata.TLSCert = tlscert
+		dbdata.LoadCertificate(tlscert)
 	}

 	// 设置tls信息
@@ -112,8 +112,8 @@ func StartAdmin() {
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
-		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
-			return dbdata.TLSCert, nil
+		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
 	}
 	srv := &http.Server{