I did a while ago, but I can't share a sample. But you can build one, provided that:
1. build your server as such (note the ClientAuth - that's where magic happens):

    ...
    rootCAs, _ := x509.SystemCertPool()
    if nil == rootCAs {
        rootCAs = x509.NewCertPool()
    }

    cfg := &tls.Config{
        // SSL 3.0 is broken and crypto/tls no longer negotiates it; use TLS 1.2 as the floor.
        MinVersion: tls.VersionTLS12,
        /*
        CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
        PreferServerCipherSuites: true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
        },
        */
        // Request a client certificate and verify it only if the client sends one.
        ClientAuth: tls.VerifyClientCertIfGiven,
        // A server verifies client certificates against ClientCAs; RootCAs is the client-side setting.
        ClientCAs: rootCAs,
    }

    cert, err := tls.LoadX509KeyPair(*publicCertificate, *privateKey)
    ...
    srv := &http.Server{
        Addr:      ":8043",
        Handler:   handlers.RecoveryHandler(handlers.PrintRecoveryStack(true))(r),
        TLSConfig: cfg,
        // A non-nil, empty map disables HTTP/2 on this server.
        TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
    }
    log.Fatal(srv.ListenAndServeTLS(*publicCertificate, *privateKey))

2. Look into http.Request, under TLS.PeerCertificates array

--
-- Aldrin Leal, <ald...@leal.eng.br> / https://ingenieux.io/about/

On Sun, Apr 21, 2019 at 7:09 AM Vasiliy Tolstov <v.tols...@selfip.ru> wrote:

> Hi, I'm trying to find a mutual TLS example in Go, but can't find a simple
> example that uses crypto/tls. I need a server that, for some HTTP handler, for
> a user request with a token returns a TLS cert for communication, and a client that
> uses this cert for communication after it is returned from the request. Ideally
> with the ability to rotate keys on the client before the previous ones expire.
> Does anybody know one?
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.