I did a while ago, but I can't share a sample. But you can build one,
provided that:

1. build your server as such (note the ClientAuth - that's where magic
happens):

...
        // Start from the system trust store; fall back to an empty pool.
        rootCAs, _ := x509.SystemCertPool()

        if nil == rootCAs {
                rootCAs = x509.NewCertPool()
        }

        cfg := &tls.Config{
                // SSLv3 is broken and no longer supported by crypto/tls.
                MinVersion: tls.VersionTLS12,
                /*
                        CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
                        PreferServerCipherSuites: true,
                        CipherSuites: []uint16{
                                tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                                tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
                                tls.TLS_RSA_WITH_AES_256_CBC_SHA,
                        },
                */
                // A client certificate is optional, but verified when one is sent.
                ClientAuth: tls.VerifyClientCertIfGiven,
                // A server verifies client certificates against ClientCAs;
                // RootCAs is only consulted by TLS clients.
                ClientCAs: rootCAs,
        }

        cert, err := tls.LoadX509KeyPair(*publicCertificate, *privateKey)

...



        srv := &http.Server{
                Addr:      ":8043",
                Handler:   handlers.RecoveryHandler(handlers.PrintRecoveryStack(true))(r),
                TLSConfig: cfg,
                // An empty, non-nil TLSNextProto map disables HTTP/2.
                TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
        }

        log.Fatal(srv.ListenAndServeTLS(*publicCertificate, *privateKey))


2. Look into http.Request, under TLS.PeerCertificates array
--
-- Aldrin Leal, <ald...@leal.eng.br> / https://ingenieux.io/about/


On Sun, Apr 21, 2019 at 7:09 AM Vasiliy Tolstov <v.tols...@selfip.ru> wrote:

> Hi, I'm trying to find a mutual TLS example in Go, but can't find a simple
> example that uses crypto/tls. I need a server that, for some HTTP handler, for
> a user request with a token returns a TLS cert for communication, and a client
> that uses this cert for communication after it is returned from the request.
> Ideally with the ability to rotate keys on the client before the previous one
> expires.
> Does anybody know of one?
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
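
Step 2 in handler form, as an added example that is not part of the original messages: because `tls.VerifyClientCertIfGiven` lets the handshake complete without a client certificate, the handler has to reject requests whose `r.TLS.PeerCertificates` is empty. The names `clientCN`, `requireClientCert` and `statusFor`, and the certificate built in `main`, are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientCN returns the CommonName of a verified client certificate; under
// VerifyClientCertIfGiven the handshake also succeeds without one.
func clientCN(r *http.Request) (string, bool) {
	// VerifiedChains stays empty when the server only requested a certificate
	// without validating it (RequestClientCert, RequireAnyClientCert).
	if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 || len(r.TLS.VerifiedChains) == 0 {
		return "", false
	}
	return r.TLS.PeerCertificates[0].Subject.CommonName, true // [0] is the leaf
}

// requireClientCert answers 401 unless the request carries a verified certificate.
func requireClientCert(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := clientCN(r); !ok {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor runs a constructed TLS state through the middleware (no network I/O).
func statusFor(state *tls.ConnectionState) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	req := httptest.NewRequest(http.MethodGet, "https://localhost:8043/", nil)
	req.TLS = state
	rec := httptest.NewRecorder()
	requireClientCert(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	leaf := &x509.Certificate{}
	leaf.Subject.CommonName = "client-1" // constructed certificate, never parsed or signed
	chain := []*x509.Certificate{leaf}
	verified := &tls.ConnectionState{PeerCertificates: chain, VerifiedChains: [][]*x509.Certificate{chain}}
	fmt.Println(statusFor(&tls.ConnectionState{}), statusFor(verified))
}
```

Requiring a non-empty `VerifiedChains` keeps the check correct if `ClientAuth` is later changed to a mode that accepts certificates without verifying them.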
