tlsconfig | more convenient package to create tls.Config | TLS library

the answer is in the crypto library: https://pkg.go.dev/crypto/tls

these papers might be useful:

https://developpaper.com/the-principle-of-https-and-golang-specifies-the-https-cipher-suite/

and

https://eli.thegreenplace.net/2021/go-https-servers-with-tls/

You will need to build your own server and client. TLSlistenandserve is an abstraction. you will have to build your own listenandserve.

As @rodolfo has suggested, I reproduce the solution mentioned on Github as it might help someone else.

Apparently using // #nosec G402 on the same line as the if statement fixes the problem:

It's seems your code have many mistake. And, It's very obvious you are getting syntax error. I am sure you would have got the line number in the console where actually these syntax error has occurred.

Please understand the syntax of Golang and also how to call the functions and how many parameter should i pass to those functions.

There are few mistakes i would like to point out after reviewing your code.

The problem seems to be in your docker-compose.yaml. You only forward port 9090. though SSL needs 443.

Like this, it should work:

The issue was that the metrics server was not scheduled on Master Node. Therefore, I added to the Metrics Server Deployment a toleration and Node scheduler:

Based on a quick review of your code this is what I believe is happening (as you have not provided all of the code there is a little guesswork involved):

1. main() calls InitializeBroker which creates two connections to the broker. The default publish handler is set to firstPubHandler and in the OnConnect handler you subscribe to SubClientId+"/id/Certificate
2. When a message is received (firstPubHandler) you grab a certificate from the message and use it to establish a new set of connections to the broker using the same client IDs but different OnConnect/default publish handler.

So after point 2 you actually have two separate sets of connections to the broker (4 connections in total). However MQTT-3.1.4-2 (see the spec) states:

If the ClientId represents a Client already connected to the Server then the Server MUST disconnect the existing Client.

So when the second set of connections are established the broker will drop the first set of connections. This is the 'EOF' disconnection you are seeing. The second set of connections will still be up. As you are using the same connectLostHandler for the first and second sets of connections you cannot see which connection is being terminated in the logs.

In summary I believe your code is actually working. However you probably should call c.Disconnect() in firstConnectHandler so that the initial connection is cleanly closed before you establish the second set of connections. You would also need to store the publisher somewhere so you can disconnect that connection at the same time.

Note: I'm struggling to understand why you are doing this. Establishing an initial connection to retrieve a certificate appears to decrease the overall security of your system. The standard apprach would be to give each client a unique certificate and then use ACL's on the broker to apply whatever restrictions are necessary. With many brokers you can use the certificate common-name in ACL's (thus removing the need for a second connection).

but it still does not use the proxy settings

That should mean it never goes into

Just create two Server instances and run them both, one with ListenAndServe and one with ListenAndServeTLS, configured with the same routes. Because HTTP and HTTPS operate on different ports, they have to have different listeners, but both listeners can use the same (or different) handlers. For example:

Take a look at https://pkg.go.dev/crypto/tls#Config

It configures many things for TLS, but not server key and cert. So it's not actually redundant to specify them to ServeTLS