2

like Go:

func main() {
ln, _ := net.Listen("tcp",":443")
ln = tls.NewListener(ln, &tls.Config{
    GetCertificate: func (info *clientHelloInfo) (Certificate, error) {
        // from db or dynamic generate a certificate use "info.ServerName"
        cert := generateX509Certificate(info.ServerName)
        return cert, nil
    }
})
}

In Go I can implement that the first time a domain is accessed (or even a concurrent request) only one goroutine is responsible for generating the certificate, and then when that is done, all connections are immediately successful.

No idea. Since Spring is called through Netty, but don't know how to modify the Netty behavior of Spring.

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
cevin
  • 43
  • 5
  • https://stackoverflow.com/questions/11383898/how-to-create-a-x509-certificate-using-java , REF @Bastian Voigt his answer. – life888888 Jan 04 '23 at 14:27
  • @life888888 Sorry, I just started learning java. i see the code seems to just generate a certificate, and then? will this just generated certificate be automatically called by sslsocket during the handshake? Like go, I can intuitively understand that this is bound to the tls listener and can clearly see that the method will be called only during the handshake, java is generated elsewhere and then automatically called during the handshake? – cevin Jan 04 '23 at 14:43

0 Answers0