堆栈内存溢出
  简体   繁体   English

在 golang 中获取远程 ssl 证书

[英]Get remote ssl certificate in golang

 原文  2015-07-31 17:19:59       ssl/ go

问题描述

I want to receive a TCP connection over TLS.我想通过 TLS 接收 TCP 连接。 I want to validate client certificate and use it to authenticate the client to my application.我想验证客户端证书并使用它来验证客户端到我的应用程序。 Go has the standard crypto/tls package. Go 有标准的crypto/tls包。 It can validate client/server certificates.它可以验证客户端/服务器证书。 But I can't find way to get details of the remote (client) certificate, like the common name.但是我找不到获取远程(客户端)证书详细信息的方法,例如通用名称。

4 个解决方案

解决方案1
 13 已采纳  2015-11-21 01:59:24

Have to call crypto/tls/Conn.Handshake .必须调用crypto/tls/Conn.Handshake Then you can read peer certificate: tlsconn.ConnectionState().PeerCertificates[0].Subject.CommonName然后你可以读取对等证书:tlsconn.ConnectionState().PeerCertificates[0].Subject.CommonName

解决方案2
 5  2020-10-17 12:52:57

Following code may help you get your answer以下代码可能会帮助您获得答案

package main

import (
    "crypto/tls"
    "fmt"
    "log"
)

func main() {
    conf := &tls.Config{
        InsecureSkipVerify: true,
    }

    conn, err := tls.Dial("tcp", "www.google.com:443", conf)
    if err != nil {
        log.Println("Error in Dial", err)
        return
    }
    defer conn.Close()
    certs := conn.ConnectionState().PeerCertificates
    for _, cert := range certs {
        fmt.Printf("Issuer Name: %s\n", cert.Issuer)
        fmt.Printf("Expiry: %s \n", cert.NotAfter.Format("2006-January-02"))
        fmt.Printf("Common Name: %s \n", cert.Issuer.CommonName)

    }
}

解决方案3
 4  2015-11-20 21:30:21

When working with crypto/tls you can query any Conn object for ConnectionState:使用crypto/tls 时,您可以查询 ConnectionState 的任何 Conn 对象:

func (c *Conn) ConnectionState() ConnectionState

The ConnectionState struct contains information about the client certificate: ConnectionState 结构包含有关客户端证书的信息:

type ConnectionState struct {
        PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
}

The x509.Certificate should be pretty straightforward to work with. x509.Certificate应该很容易使用。

Before the server requests for client authentication, you have to configure the connection with the server certificate, client CA (otherwise you will have to verify the trust chain manually, you really don't want that), and tls.RequireAndVerifyClientCert.在服务器请求客户端身份验证之前,您必须使用服务器证书、客户端 CA(否则您必须手动验证信任链,您真的不想要)和 tls.RequireAndVerifyClientCert 配置连接。 For example:例如:

// Load my SSL key and certificate
cert, err := tls.LoadX509KeyPair(settings.MyCertificateFile, settings.MyKeyFile)
checkError(err, "LoadX509KeyPair")

// Load the CA certificate for client certificate validation
capool := x509.NewCertPool()
cacert, err := ioutil.ReadFile(settings.CAKeyFile)
checkError(err, "loadCACert")
capool.AppendCertsFromPEM(cacert)

// Prepare server configuration
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: capool, ClientAuth: tls.RequireAndVerifyClientCert}
config.NextProtos = []string{"http/1.1"}
config.Rand = rand.Reader

解决方案4
 2  2018-01-31 12:43:13

There is an easier way to do that:有一种更简单的方法可以做到这一点:

func renewCert(w http.ResponseWriter, r *http.Request) {

  if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
    cn := strings.ToLower(r.TLS.PeerCertificates[0].Subject.CommonName)
    fmt.Println("CN: %s", cn)
  }

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Godaddy与GoLang的ssl证书 - godaddy's ssl certificate with GoLang 如何验证远程SSL证书? - How to validate remote ssl certificate? Golang SSL TCP套接字证书配置 - Golang SSL TCP socket certificate configuration Golang 使用 SSL 证书连接到 Postgres - Golang connect to Postgres using SSL certificate 获取SSL证书详细信息 - Get SSL certificate details 获取 SSL 证书“颁发给” - Get SSL Certificate 'Issued to' 获取请求的SSL证书 - Get SSL Certificate for a request 获取SSL证书 - Get the access to SSL certificate 获取并安装SSL证书 - get and install SSL certificate 在 .net 中获取 ssl 证书 - get ssl certificate in .net
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM