вт, 30 апр. 2019 г. в 23:01, Marcin Romaszewicz <marc...@gmail.com>: > > Look at the ""crypto/x509" package, specifically at CertPool. You would load > your CA public cert and intermediate cert's into a CertPool. > > Once you have a CertPool, you can use it in tls.Config to configure your TLS > connections. Given a valid certificate chain, Go will automatically validate > server TLS certificates. If you want client cert validation, you have to > enable it (https://golang.org/src/crypto/tls/common.go?s=8208:8231#L227) > > Is that what you were looking for? >
Thanks looks fine, but does i need to always have root ca to trust intermediate certs? Or if i have custom validation in tls.Config i don't need it? For example i'm pass root ca fingerprint to service, does it possible to trust all intermediates if they issued by root CA that have the same fingerprint ? -- Vasiliy Tolstov, e-mail: v.tols...@selfip.ru -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.