1.Add Mutual HTTPS Option!

grace/server.go

@@ -2,7 +2,9 @@ package grace
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@@ -129,6 +131,61 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) (err error) {
 	return srv.Serve()
 }
 
+//ListenAndServeMutualTLS
+func (srv *Server) ListenAndServeMutualTLS(certFile, keyFile, trustFile string) (err error) {
+	addr := srv.Addr
+	if addr == "" {
+		addr = ":https"
+	}
+
+	if srv.TLSConfig == nil {
+		srv.TLSConfig = &tls.Config{}
+	}
+	if srv.TLSConfig.NextProtos == nil {
+		srv.TLSConfig.NextProtos = []string{"http/1.1"}
+	}
+
+	srv.TLSConfig.Certificates = make([]tls.Certificate, 1)
+	srv.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		return
+	}
+	srv.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
+	pool := x509.NewCertPool()
+	data, err := ioutil.ReadFile(trustFile)
+	if err != nil {
+		log.Println(err)
+		return err
+	}
+	pool.AppendCertsFromPEM(data)
+	srv.TLSConfig.ClientCAs = pool
+	log.Println("Mutual HTTPS")
+	go srv.handleSignals()
+
+	l, err := srv.getListener(addr)
+	if err != nil {
+		log.Println(err)
+		return err
+	}
+
+	srv.tlsInnerListener = newGraceListener(l, srv)
+	srv.GraceListener = tls.NewListener(srv.tlsInnerListener, srv.TLSConfig)
+
+	if srv.isChild {
+		process, err := os.FindProcess(os.Getppid())
+		if err != nil {
+			log.Println(err)
+			return err
+		}
+		err = process.Kill()
+		if err != nil {
+			return err
+		}
+	}
+	log.Println(os.Getpid(), srv.Addr)
+	return srv.Serve()
+}
+
 // getListener either opens a new socket to listen on, or takes the acceptor socket
 // it got passed when restarted.
 func (srv *Server) getListener(laddr string) (l net.Listener, err error) {