subfuzion · July 15, 2016 01:54 · Jun 29, 2016 · Jun 25, 2016 · Jun 25, 2016 · Jun 24, 2016
diff --git a/golang-tls.md b/golang-tls.md
@@ -195,4 +195,5 @@ Reference Link
 * https://www.openssl.org/docs/manmaster/apps/ec.html
 * https://www.openssl.org/docs/manmaster/apps/req.html
 * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
-* http://www.kaihag.com/https-and-go/
+* http://www.kaihag.com/https-and-go/
+* https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
diff --git a/golang-tls.md b/golang-tls.md
@@ -194,4 +194,5 @@ Reference Link
 * https://www.openssl.org/docs/manmaster/apps/ecparam.html
 * https://www.openssl.org/docs/manmaster/apps/ec.html
 * https://www.openssl.org/docs/manmaster/apps/req.html
-* https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
+* https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
+* http://www.kaihag.com/https-and-go/
diff --git a/golang-tls.md b/golang-tls.md
@@ -44,7 +44,7 @@ func main() {
 Hint: visit, please do not forget to use https begins,otherwise chrome will download a file as follows:
 
 ```bash
-dotcoo-air:tls dotcoo$ cat /Users/dotcoo/Downloads/hello | xxd
+dotcoo-air:tls dotcoo$ cat ~/Downloads/hello | xxd
 0000000: 1503 0100 0202 0a                        .......
 ```
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -173,7 +173,7 @@ ln -sf server.rsa.crt server.crt
 #### Generating the Certficate Signing Request
 
     openssl req -new -sha256 -key server.key -out server.csr
-    openssl x509 -req -sha256 -in server.csr -signkey server.key -out server.crt -days 365
+    openssl x509 -req -sha256 -in server.csr -signkey server.key -out server.crt -days 3650
 
 ECDSA & RSA — FAQ
 ---

diff --git a/golang-tls.md b/golang-tls.md
@@ -155,6 +155,7 @@ func main() {
 # RSA recommendation key ≥ 2048-bit
 openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
 # openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
+# -pkeyopt ec_paramgen_curve:… / ec:<(openssl ecparam -name …) / -newkey ec:…
 ln -sf server.ecdsa.key server.key
 ln -sf server.ecdsa.crt server.crt
 
@@ -172,6 +173,7 @@ ln -sf server.rsa.crt server.crt
 #### Generating the Certficate Signing Request
 
     openssl req -new -sha256 -key server.key -out server.csr
+    openssl x509 -req -sha256 -in server.csr -signkey server.key -out server.crt -days 365
 
 ECDSA & RSA — FAQ
 ---

diff --git a/golang-tls.md b/golang-tls.md
@@ -9,7 +9,7 @@ openssl genrsa -out server.key 2048
 openssl ecparam -genkey -name secp384r1 -out server.key
 ```
 
-##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
+##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh
 openssl req -new -x509 -sha256 -key server.key -out server.pem -days 3650

diff --git a/golang-tls.md b/golang-tls.md
@@ -34,7 +34,7 @@ func HelloServer(w http.ResponseWriter, req *http.Request) {
 
 func main() {
     http.HandleFunc("/hello", HelloServer)
-    err := http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)
+    err := http.ListenAndServeTLS(":443", "server.crt", "server.key", nil)
     if err != nil {
         log.Fatal("ListenAndServe: ", err)
     }
@@ -63,7 +63,7 @@ import (
 func main() {
     log.SetFlags(log.Lshortfile)
 
-    cer, err := tls.LoadX509KeyPair("server.pem", "server.key")
+    cer, err := tls.LoadX509KeyPair("server.crt", "server.key")
     if err != nil {
         log.Println(err)
         return

diff --git a/golang-tls.md b/golang-tls.md
@@ -6,7 +6,7 @@ openssl genrsa -out server.key 2048
 
 # Key considerations for algorithm "ECDSA" ≥ secp384r1
 # List ECDSA the supported curves (openssl ecparam -list_curves)
-openssl ecparam -genkey -name secp384r1 -keyout server.key
+openssl ecparam -genkey -name secp384r1 -out server.key
 ```
 
 ##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)

diff --git a/golang-tls.md b/golang-tls.md
@@ -12,7 +12,7 @@ openssl ecparam -genkey -name secp384r1 -keyout server.key
 ##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh
-openssl req -new -sha256 -key server.key -out server.pem -days 3650
+openssl req -new -x509 -sha256 -key server.key -out server.pem -days 3650
 ```
 
 ---

diff --git a/golang-tls.md b/golang-tls.md
@@ -6,13 +6,13 @@ openssl genrsa -out server.key 2048
 
 # Key considerations for algorithm "ECDSA" ≥ secp384r1
 # List ECDSA the supported curves (openssl ecparam -list_curves)
-openssl ecparam -name secp384r1 -genkey -keyout server.key
+openssl ecparam -genkey -name secp384r1 -keyout server.key
 ```
-    
+
 ##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh
-openssl req -new -x509 -key server.key -out server.pem -days 3650
+openssl req -new -sha256 -key server.key -out server.pem -days 3650
 ```
 
 ---
@@ -169,6 +169,10 @@ ln -sf server.rsa.crt server.crt
 `.der` — The DER extension is used for binary DER encoded certificates.  
 `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
 
+#### Generating the Certficate Signing Request
+
+    openssl req -new -sha256 -key server.key -out server.csr
+
 ECDSA & RSA — FAQ
 ---
 * Validate the elliptic curve parameters `-check`
@@ -187,4 +191,5 @@ Reference Link
 * https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/
 * https://www.openssl.org/docs/manmaster/apps/ecparam.html
 * https://www.openssl.org/docs/manmaster/apps/ec.html
-* https://www.openssl.org/docs/manmaster/apps/req.html
+* https://www.openssl.org/docs/manmaster/apps/req.html
+* https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
diff --git a/golang-tls.md b/golang-tls.md
@@ -149,15 +149,7 @@ func main() {
 }
 ```
 
-ECDSA & RSA — FAQ
----
-* Validate the elliptic curve parameters `-check`
-* List "ECDSA" the supported curves `openssl ecparam -list_curves`
-* Encoding to explicit "ECDSA" `-param_enc explicit`
-* Conversion form to compressed "ECDSA" `-conv_form compressed`
-* "EC" parameters and a private key `-genkey`
-
-### Generation of self-sign a certificate with a private (`.key`) and public key (PEM-encodings `.pem`|`.crt`) in one command:
+#### Generation of self-sign a certificate with a private (`.key`) and public key (PEM-encodings `.pem`|`.crt`) in one command:
 
 ```sh
 # RSA recommendation key ≥ 2048-bit
@@ -177,6 +169,14 @@ ln -sf server.rsa.crt server.crt
 `.der` — The DER extension is used for binary DER encoded certificates.  
 `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
 
+ECDSA & RSA — FAQ
+---
+* Validate the elliptic curve parameters `-check`
+* List "ECDSA" the supported curves `openssl ecparam -list_curves`
+* Encoding to explicit "ECDSA" `-param_enc explicit`
+* Conversion form to compressed "ECDSA" `-conv_form compressed`
+* "EC" parameters and a private key `-genkey`
+
 Reference Link
 ---
 * http://superuser.com/a/226229/205366

diff --git a/golang-tls.md b/golang-tls.md
@@ -1,5 +1,3 @@
----
-
 ##### Generate private key (.key)
 
 ```sh

diff --git a/golang-tls.md b/golang-tls.md
@@ -2,16 +2,20 @@
 
 ##### Generate private key (.key)
 
-    # Key considerations for algorithm "RSA" ≥ 2048-bit
-    openssl genrsa -out server.key 2048
+```sh
+# Key considerations for algorithm "RSA" ≥ 2048-bit
+openssl genrsa -out server.key 2048
     
-    # Key considerations for algorithm "ECDSA" ≥ secp384r1
-    # List ECDSA the supported curves (openssl ecparam -list_curves)
-    openssl ecparam -name secp384r1 -genkey -keyout server.key
+# Key considerations for algorithm "ECDSA" ≥ secp384r1
+# List ECDSA the supported curves (openssl ecparam -list_curves)
+openssl ecparam -name secp384r1 -genkey -keyout server.key
+```
 
 ##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
-    openssl req -new -x509 -key server.key -out server.pem -days 3650
+```sh
+openssl req -new -x509 -key server.key -out server.pem -days 3650
+```
 
 ---
 
@@ -157,17 +161,19 @@ ECDSA & RSA — FAQ
 
 ### Generation of self-sign a certificate with a private (`.key`) and public key (PEM-encodings `.pem`|`.crt`) in one command:
 
-	# RSA recommendation key ≥ 2048-bit
-	openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
-	# openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
-	ln -sf server.ecdsa.key server.key
-	ln -sf server.ecdsa.crt server.crt
+```sh
+# RSA recommendation key ≥ 2048-bit
+openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
+# openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
+ln -sf server.ecdsa.key server.key
+ln -sf server.ecdsa.crt server.crt
 
-	# ECDSA recommendation key ≥ secp384r1
-	# List ECDSA the supported curves (openssl ecparam -list_curves)
-	openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
-	ln -sf server.rsa.key server.key
-	ln -sf server.rsa.crt server.crt
+# ECDSA recommendation key ≥ secp384r1
+# List ECDSA the supported curves (openssl ecparam -list_curves)
+openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
+ln -sf server.rsa.key server.key
+ln -sf server.rsa.crt server.crt
+```
 
 `.crt` (synonymous most common among *nix systems)  
 `.der` — The DER extension is used for binary DER encoded certificates.  

diff --git a/golang-tls.md b/golang-tls.md
@@ -1,6 +1,6 @@
 ---
 
-#### Generate private key (.key)
+##### Generate private key (.key)
 
     # Key considerations for algorithm "RSA" ≥ 2048-bit
     openssl genrsa -out server.key 2048
@@ -9,7 +9,7 @@
     # List ECDSA the supported curves (openssl ecparam -list_curves)
     openssl ecparam -name secp384r1 -genkey -keyout server.key
 
-#### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
+##### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
     openssl req -new -x509 -key server.key -out server.pem -days 3650
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -1,11 +1,20 @@
-#### Generate private key with min. length 2048-bit RSA key (.key)
+---
 
-    openssl genrsa -out server.key 2048
+#### Generate private key (.key)
 
-#### Generation of self-sign public key  (PEM (`.pem`) or CRT (`.crt`)) based on the private (`.key`)
+    # Key considerations for algorithm "RSA" ≥ 2048-bit
+    openssl genrsa -out server.key 2048
+
+    # Key considerations for algorithm "ECDSA" ≥ secp384r1
+    # List ECDSA the supported curves (openssl ecparam -list_curves)
+    openssl ecparam -name secp384r1 -genkey -keyout server.key
+
+#### Generation of self-sign public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
     openssl req -new -x509 -key server.key -out server.pem -days 3650
 
+---
+
 #### Simple Golang HTTPS/TLS Server
 
 ```go
@@ -138,9 +147,40 @@ func main() {
 }
 ```
 
-Reference links
+ECDSA & RSA — FAQ
+---
+* Validate the elliptic curve parameters `-check`
+* List "ECDSA" the supported curves `openssl ecparam -list_curves`
+* Encoding to explicit "ECDSA" `-param_enc explicit`
+* Conversion form to compressed "ECDSA" `-conv_form compressed`
+* "EC" parameters and a private key `-genkey`
+
+### Generation of self-sign a certificate with a private (`.key`) and public key (PEM-encodings `.pem`|`.crt`) in one command:
+
+	# RSA recommendation key ≥ 2048-bit
+	openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
+	# openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
+	ln -sf server.ecdsa.key server.key
+	ln -sf server.ecdsa.crt server.crt
+
+	# ECDSA recommendation key ≥ secp384r1
+	# List ECDSA the supported curves (openssl ecparam -list_curves)
+	openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
+	ln -sf server.rsa.key server.key
+	ln -sf server.rsa.crt server.crt
+
+`.crt` (synonymous most common among *nix systems)  
+`.der` — The DER extension is used for binary DER encoded certificates.  
+`.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
+
+Reference Link
 ---
 * http://superuser.com/a/226229/205366
 * https://gist.github.com/spikebike/2232102
 * http://echo.labstack.com/guide/
-* https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
+* https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
+* https://kjur.github.io/jsrsasign/sample-ecdsa.html
+* https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/
+* https://www.openssl.org/docs/manmaster/apps/ecparam.html
+* https://www.openssl.org/docs/manmaster/apps/ec.html
+* https://www.openssl.org/docs/manmaster/apps/req.html
diff --git a/golang-tls.md b/golang-tls.md
@@ -2,7 +2,7 @@
 
     openssl genrsa -out server.key 2048
 
-#### Generation of self-sign public key based on the private (PEM (`.pem`) / CRT (`.crt`))
+#### Generation of self-sign public key  (PEM (`.pem`) or CRT (`.crt`)) based on the private (`.key`)
 
     openssl req -new -x509 -key server.key -out server.pem -days 3650
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -1,12 +1,12 @@
-#### Generated private key
+#### Generate private key with min. length 2048-bit RSA key (.key)
 
     openssl genrsa -out server.key 2048
 
-#### To generate a certificate
+#### Generation of self-sign public key based on the private (PEM (`.pem`) / CRT (`.crt`))
 
     openssl req -new -x509 -key server.key -out server.pem -days 3650
 
-#### https
+#### Simple Golang HTTPS/TLS Server
 
 ```go
 package main
@@ -37,7 +37,7 @@ dotcoo-air:tls dotcoo$ cat /Users/dotcoo/Downloads/hello | xxd
 0000000: 1503 0100 0202 0a                        .......
 ```
 
-#### TLS Server
+#### TLS (transport layer security) — `Server`
 
 ```go
 package main
@@ -97,7 +97,7 @@ func handleConnection(conn net.Conn) {
 }
 ```
 
-#### TLS Client
+#### TLS (transport layer security) — `Client`
 
 ```go
 package main
@@ -138,10 +138,9 @@ func main() {
 }
 ```
 
-
-Links
+Reference links
 ---
-- http://superuser.com/a/226229/205366
-- https://gist.github.com/spikebike/2232102
-- http://echo.labstack.com/guide/
-- https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
+* http://superuser.com/a/226229/205366
+* https://gist.github.com/spikebike/2232102
+* http://echo.labstack.com/guide/
+* https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
diff --git a/golang-tls.md b/golang-tls.md
@@ -143,4 +143,5 @@ Links
 ---
 - http://superuser.com/a/226229/205366
 - https://gist.github.com/spikebike/2232102
-- http://echo.labstack.com/guide/
+- http://echo.labstack.com/guide/
+- https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
diff --git a/golang-tls.md b/golang-tls.md
@@ -139,5 +139,8 @@ func main() {
 ```
 
 
-##### Links
-* http://superuser.com/a/226229/205366
+Links
+---
+- http://superuser.com/a/226229/205366
+- https://gist.github.com/spikebike/2232102
+- http://echo.labstack.com/guide/
diff --git a/golang-tls.md b/golang-tls.md
@@ -136,4 +136,8 @@ func main() {
 
     println(string(buf[:n]))
 }
-```
+```
+
+
+##### Links
+* http://superuser.com/a/226229/205366
diff --git a/client.go b/client.go
@@ -1,43 +0,0 @@
-package main
-
-import (
-    "crypto/tls"
-    "crypto/x509"
-    "fmt"
-    "io"
-    "log"
-)
-
-func main() {
-    cert, err := tls.LoadX509KeyPair("certs/client.pem", "certs/client.key")
-    if err != nil {
-        log.Fatalf("server: loadkeys: %s", err)
-    }
-    config := tls.Config{Certificates: []tls.Certificate{cert}, InsecureSkipVerify: true}
-    conn, err := tls.Dial("tcp", "127.0.0.1:8000", &config)
-    if err != nil {
-        log.Fatalf("client: dial: %s", err)
-    }
-    defer conn.Close()
-    log.Println("client: connected to: ", conn.RemoteAddr())
-
-    state := conn.ConnectionState()
-    for _, v := range state.PeerCertificates {
-        fmt.Println(x509.MarshalPKIXPublicKey(v.PublicKey))
-        fmt.Println(v.Subject)
-    }
-    log.Println("client: handshake: ", state.HandshakeComplete)
-    log.Println("client: mutual: ", state.NegotiatedProtocolIsMutual)
-
-    message := "Hello\n"
-    n, err := io.WriteString(conn, message)
-    if err != nil {
-        log.Fatalf("client: write: %s", err)
-    }
-    log.Printf("client: wrote %q (%d bytes)", message, n)
-
-    reply := make([]byte, 256)
-    n, err = conn.Read(reply)
-    log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
-    log.Print("client: exiting")
-}

diff --git a/golang-tls.md b/golang-tls.md
@@ -0,0 +1,139 @@
+#### Generated private key
+
+    openssl genrsa -out server.key 2048
+
+#### To generate a certificate
+
+    openssl req -new -x509 -key server.key -out server.pem -days 3650
+
+#### https
+
+```go
+package main
+
+import (
+    "io"
+    "net/http"
+    "log"
+)
+
+func HelloServer(w http.ResponseWriter, req *http.Request) {
+    io.WriteString(w, "hello, world!\n")
+}
+
+func main() {
+    http.HandleFunc("/hello", HelloServer)
+    err := http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)
+    if err != nil {
+        log.Fatal("ListenAndServe: ", err)
+    }
+}
+```
+
+Hint: visit, please do not forget to use https begins,otherwise chrome will download a file as follows:
+
+```bash
+dotcoo-air:tls dotcoo$ cat /Users/dotcoo/Downloads/hello | xxd
+0000000: 1503 0100 0202 0a                        .......
+```
+
+#### TLS Server
+
+```go
+package main
+
+import (
+    "log"
+    "crypto/tls"
+    "net"
+    "bufio"
+)
+
+func main() {
+    log.SetFlags(log.Lshortfile)
+
+    cer, err := tls.LoadX509KeyPair("server.pem", "server.key")
+    if err != nil {
+        log.Println(err)
+        return
+    }
+
+    config := &tls.Config{Certificates: []tls.Certificate{cer}}
+    ln, err := tls.Listen("tcp", ":443", config) 
+    if err != nil {
+        log.Println(err)
+        return
+    }
+    defer ln.Close()
+
+    for {
+        conn, err := ln.Accept()
+        if err != nil {
+            log.Println(err)
+            continue
+        }
+        go handleConnection(conn)
+    }
+}
+
+func handleConnection(conn net.Conn) {
+    defer conn.Close()
+    r := bufio.NewReader(conn)
+    for {
+        msg, err := r.ReadString('\n')
+        if err != nil {
+            log.Println(err)
+            return
+        }
+
+        println(msg)
+
+        n, err := conn.Write([]byte("world\n"))
+        if err != nil {
+            log.Println(n, err)
+            return
+        }
+    }
+}
+```
+
+#### TLS Client
+
+```go
+package main
+
+import (
+    "log"
+    "crypto/tls"
+)
+
+func main() {
+    log.SetFlags(log.Lshortfile)
+
+    conf := &tls.Config{
+        InsecureSkipVerify: true,
+    }
+
+    conn, err := tls.Dial("tcp", "127.0.0.1:8000", conf)
+    if err != nil {
+        log.Println(err)
+        return
+    }
+    defer conn.Close()
+
+    n, err := conn.Write([]byte("hello\n"))
+    if err != nil {
+        log.Println(n, err)
+        return
+    }
+
+    buf := make([]byte, 100)
+    n, err = conn.Read(buf)
+    if err != nil {
+        log.Println(n, err)
+        return
+    }
+
+    println(string(buf[:n]))
+}
+```
diff --git a/makecert.sh b/makecert.sh
@@ -1,10 +0,0 @@
-#!/bin/bash
-# call this script with an email address (valid or not).
-# like:
-# ./makecert.sh [email protected]
-mkdir certs
-rm certs/*
-echo "make server cert"
-openssl req -new -nodes -x509 -out certs/server.pem -keyout certs/server.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
-echo "make client cert"
-openssl req -new -nodes -x509 -out certs/client.pem -keyout certs/client.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"

diff --git a/server.go b/server.go
@@ -1,68 +0,0 @@
-package main
-
-import (
-    "crypto/rand"
-    "crypto/tls"
-    "log"
-    "net"
-    "crypto/x509"
-)
-
-func main() {
-    cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
-    if err != nil {
-        log.Fatalf("server: loadkeys: %s", err)
-    }
-    config := tls.Config{Certificates: []tls.Certificate{cert}}
-    config.Rand = rand.Reader
-    service := "0.0.0.0:8000"
-    listener, err := tls.Listen("tcp", service, &config)
-    if err != nil {
-        log.Fatalf("server: listen: %s", err)
-    }
-    log.Print("server: listening")
-    for {
-        conn, err := listener.Accept()
-        if err != nil {
-            log.Printf("server: accept: %s", err)
-            break
-        }
-        defer conn.Close()
-        log.Printf("server: accepted from %s", conn.RemoteAddr())
-        tlscon, ok := conn.(*tls.Conn)
-        if ok {
-            log.Print("ok=true")
-            state := tlscon.ConnectionState()
-            for _, v := range state.PeerCertificates {
-                log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
-            }
-        }
-        go handleClient(conn)
-    }
-}
-
-func handleClient(conn net.Conn) {
-    defer conn.Close()
-    buf := make([]byte, 512)
-    for {
-        log.Print("server: conn: waiting")
-        n, err := conn.Read(buf)
-        if err != nil {
-            if err != nil {
-                log.Printf("server: conn: read: %s", err)
-            }
-            break
-        }
-        log.Printf("server: conn: echo %q\n", string(buf[:n]))
-        n, err = conn.Write(buf[:n])
-
-        n, err = conn.Write(buf[:n])
-        log.Printf("server: conn: wrote %d bytes", n)
-
-        if err != nil {
-            log.Printf("server: write: %s", err)
-            break
-        }
-    }
-    log.Println("server: conn: closed")
-}

diff --git a/makecert.sh b/makecert.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 # call this script with an email address (valid or not).
+# like:
+# ./makecert.sh [email protected]
 mkdir certs
 rm certs/*
 echo "make server cert"

diff --git a/makecert.sh b/makecert.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# call this script with an email address (valid or not).
 mkdir certs
 rm certs/*
 echo "make server cert"

diff --git a/server.go b/server.go
@@ -32,11 +32,11 @@ func main() {
         tlscon, ok := conn.(*tls.Conn)
         if ok {
             log.Print("ok=true")
+            state := tlscon.ConnectionState()
+            for _, v := range state.PeerCertificates {
+                log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
+            }
         }
-        state := tlscon.ConnectionState()
-        for _, v := range state.PeerCertificates {
-            log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
-        }   
         go handleClient(conn)
     }
 }

diff --git a/client.go b/client.go
@@ -1,46 +1,43 @@
 package main
 
 import (
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io"
-	"log"
+    "crypto/tls"
+    "crypto/x509"
+    "fmt"
+    "io"
+    "log"
 )
 
 func main() {
-	cert, err := tls.LoadX509KeyPair("certs/client.pem", "certs/client.key")
-	if err != nil {
-		log.Fatalf("server: loadkeys: %s", err)
-	}
-	config := tls.Config{Certificates: []tls.Certificate{cert}, InsecureSkipVerify: true}
-	conn, err := tls.Dial("tcp", "127.0.0.1:8000", &config)
-	if err != nil {
-		log.Fatalf("client: dial: %s", err)
-	}
-	defer conn.Close()
-	log.Println("client: connected to: ", conn.RemoteAddr())
+    cert, err := tls.LoadX509KeyPair("certs/client.pem", "certs/client.key")
+    if err != nil {
+        log.Fatalf("server: loadkeys: %s", err)
+    }
+    config := tls.Config{Certificates: []tls.Certificate{cert}, InsecureSkipVerify: true}
+    conn, err := tls.Dial("tcp", "127.0.0.1:8000", &config)
+    if err != nil {
+        log.Fatalf("client: dial: %s", err)
+    }
+    defer conn.Close()
+    log.Println("client: connected to: ", conn.RemoteAddr())
 
-	state := conn.ConnectionState()
-	for _, v := range state.PeerCertificates {
-		fmt.Println(x509.MarshalPKIXPublicKey(v.PublicKey))
-		fmt.Println(v.EmailAddresses)
-		fmt.Println(v.DNSNames)
-		fmt.Println("subject")
-		fmt.Println(v.Subject)
-	}
-	log.Println("client: handshake: ", state.HandshakeComplete)
-	log.Println("client: mutual: ", state.NegotiatedProtocolIsMutual)
+    state := conn.ConnectionState()
+    for _, v := range state.PeerCertificates {
+        fmt.Println(x509.MarshalPKIXPublicKey(v.PublicKey))
+        fmt.Println(v.Subject)
+    }
+    log.Println("client: handshake: ", state.HandshakeComplete)
+    log.Println("client: mutual: ", state.NegotiatedProtocolIsMutual)
 
-	message := "Hello\n"
-	n, err := io.WriteString(conn, message)
-	if err != nil {
-		log.Fatalf("client: write: %s", err)
-	}
-	log.Printf("client: wrote %q (%d bytes)", message, n)
+    message := "Hello\n"
+    n, err := io.WriteString(conn, message)
+    if err != nil {
+        log.Fatalf("client: write: %s", err)
+    }
+    log.Printf("client: wrote %q (%d bytes)", message, n)
 
-	reply := make([]byte, 256)
-	n, err = conn.Read(reply)
-	log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
-	log.Print("client: exiting")
+    reply := make([]byte, 256)
+    n, err = conn.Read(reply)
+    log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
+    log.Print("client: exiting")
 }
diff --git a/server.go b/server.go
@@ -5,47 +5,44 @@ import (
     "crypto/tls"
     "log"
     "net"
+    "crypto/x509"
 )
 
 func main() {
-
     cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
     if err != nil {
         log.Fatalf("server: loadkeys: %s", err)
     }
     config := tls.Config{Certificates: []tls.Certificate{cert}}
-
     config.Rand = rand.Reader
-
     service := "0.0.0.0:8000"
-
     listener, err := tls.Listen("tcp", service, &config)
     if err != nil {
         log.Fatalf("server: listen: %s", err)
     }
-
     log.Print("server: listening")
     for {
         conn, err := listener.Accept()
-
         if err != nil {
             log.Printf("server: accept: %s", err)
             break
         }
         defer conn.Close()
         log.Printf("server: accepted from %s", conn.RemoteAddr())
-        tlscon, ok := conn.(tls.Conn)
-        if ok == true {
-            state := tlscon.ConnectionState()
+        tlscon, ok := conn.(*tls.Conn)
+        if ok {
+            log.Print("ok=true")
         }
-
+        state := tlscon.ConnectionState()
+        for _, v := range state.PeerCertificates {
+            log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
+        }   
         go handleClient(conn)
     }
 }
 
 func handleClient(conn net.Conn) {
     defer conn.Close()
-
     buf := make([]byte, 512)
     for {
         log.Print("server: conn: waiting")
@@ -55,9 +52,10 @@ func handleClient(conn net.Conn) {
                 log.Printf("server: conn: read: %s", err)
             }
             break
-
-       }
+        }
         log.Printf("server: conn: echo %q\n", string(buf[:n]))
+        n, err = conn.Write(buf[:n])
+
         n, err = conn.Write(buf[:n])
         log.Printf("server: conn: wrote %d bytes", n)
 

diff --git a/client.go b/client.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io"
+	"log"
+)
+
+func main() {
+	cert, err := tls.LoadX509KeyPair("certs/client.pem", "certs/client.key")
+	if err != nil {
+		log.Fatalf("server: loadkeys: %s", err)
+	}
+	config := tls.Config{Certificates: []tls.Certificate{cert}, InsecureSkipVerify: true}
+	conn, err := tls.Dial("tcp", "127.0.0.1:8000", &config)
+	if err != nil {
+		log.Fatalf("client: dial: %s", err)
+	}
+	defer conn.Close()
+	log.Println("client: connected to: ", conn.RemoteAddr())
+
+	state := conn.ConnectionState()
+	for _, v := range state.PeerCertificates {
+		fmt.Println(x509.MarshalPKIXPublicKey(v.PublicKey))
+		fmt.Println(v.EmailAddresses)
+		fmt.Println(v.DNSNames)
+		fmt.Println("subject")
+		fmt.Println(v.Subject)
+	}
+	log.Println("client: handshake: ", state.HandshakeComplete)
+	log.Println("client: mutual: ", state.NegotiatedProtocolIsMutual)
+
+	message := "Hello\n"
+	n, err := io.WriteString(conn, message)
+	if err != nil {
+		log.Fatalf("client: write: %s", err)
+	}
+	log.Printf("client: wrote %q (%d bytes)", message, n)
+
+	reply := make([]byte, 256)
+	n, err = conn.Read(reply)
+	log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
+	log.Print("client: exiting")
+}
diff --git a/makecert.sh b/makecert.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+mkdir certs
+rm certs/*
+echo "make server cert"
+openssl req -new -nodes -x509 -out certs/server.pem -keyout certs/server.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
+echo "make client cert"
+openssl req -new -nodes -x509 -out certs/client.pem -keyout certs/client.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
diff --git a/server.go b/server.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+    "crypto/rand"
+    "crypto/tls"
+    "log"
+    "net"
+)
+
+func main() {
+
+    cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
+    if err != nil {
+        log.Fatalf("server: loadkeys: %s", err)
+    }
+    config := tls.Config{Certificates: []tls.Certificate{cert}}
+
+    config.Rand = rand.Reader
+
+    service := "0.0.0.0:8000"
+
+    listener, err := tls.Listen("tcp", service, &config)
+    if err != nil {
+        log.Fatalf("server: listen: %s", err)
+    }
+
+    log.Print("server: listening")
+    for {
+        conn, err := listener.Accept()
+
+        if err != nil {
+            log.Printf("server: accept: %s", err)
+            break
+        }
+        defer conn.Close()
+        log.Printf("server: accepted from %s", conn.RemoteAddr())
+        tlscon, ok := conn.(tls.Conn)
+        if ok == true {
+            state := tlscon.ConnectionState()
+        }
+
+        go handleClient(conn)
+    }
+}
+
+func handleClient(conn net.Conn) {
+    defer conn.Close()
+
+    buf := make([]byte, 512)
+    for {
+        log.Print("server: conn: waiting")
+        n, err := conn.Read(buf)
+        if err != nil {
+            if err != nil {
+                log.Printf("server: conn: read: %s", err)
+            }
+            break
+
+       }
+        log.Printf("server: conn: echo %q\n", string(buf[:n]))
+        n, err = conn.Write(buf[:n])
+        log.Printf("server: conn: wrote %d bytes", n)
+
+        if err != nil {
+            log.Printf("server: write: %s", err)
+            break
+        }
+    }
+    log.Println("server: conn: closed")
+}