stackoom
  简体   繁体   中英

Get remote ssl certificate in golang

 原文  2015-07-31 17:19:59       ssl/ go

Question

I want to receive a TCP connection over TLS. I want to validate client certificate and use it to authenticate the client to my application. Go has the standard crypto/tls package. It can validate client/server certificates. But I can't find way to get details of the remote (client) certificate, like the common name.

4 answers

solution1
 13 ACCPTED  2015-11-21 01:59:24

Have to call crypto/tls/Conn.Handshake . Then you can read peer certificate: tlsconn.ConnectionState().PeerCertificates[0].Subject.CommonName

solution2
 5  2020-10-17 12:52:57

Following code may help you get your answer

package main

import (
    "crypto/tls"
    "fmt"
    "log"
)

func main() {
    conf := &tls.Config{
        InsecureSkipVerify: true,
    }

    conn, err := tls.Dial("tcp", "www.google.com:443", conf)
    if err != nil {
        log.Println("Error in Dial", err)
        return
    }
    defer conn.Close()
    certs := conn.ConnectionState().PeerCertificates
    for _, cert := range certs {
        fmt.Printf("Issuer Name: %s\n", cert.Issuer)
        fmt.Printf("Expiry: %s \n", cert.NotAfter.Format("2006-January-02"))
        fmt.Printf("Common Name: %s \n", cert.Issuer.CommonName)

    }
}

solution3
 4  2015-11-20 21:30:21

When working with crypto/tls you can query any Conn object for ConnectionState:

func (c *Conn) ConnectionState() ConnectionState

The ConnectionState struct contains information about the client certificate: 

type ConnectionState struct {
        PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
}

The x509.Certificate should be pretty straightforward to work with.

Before the server requests for client authentication, you have to configure the connection with the server certificate, client CA (otherwise you will have to verify the trust chain manually, you really don't want that), and tls.RequireAndVerifyClientCert. For example:

// Load my SSL key and certificate
cert, err := tls.LoadX509KeyPair(settings.MyCertificateFile, settings.MyKeyFile)
checkError(err, "LoadX509KeyPair")

// Load the CA certificate for client certificate validation
capool := x509.NewCertPool()
cacert, err := ioutil.ReadFile(settings.CAKeyFile)
checkError(err, "loadCACert")
capool.AppendCertsFromPEM(cacert)

// Prepare server configuration
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: capool, ClientAuth: tls.RequireAndVerifyClientCert}
config.NextProtos = []string{"http/1.1"}
config.Rand = rand.Reader

solution4
 2  2018-01-31 12:43:13

There is an easier way to do that:

func renewCert(w http.ResponseWriter, r *http.Request) {

  if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
    cn := strings.ToLower(r.TLS.PeerCertificates[0].Subject.CommonName)
    fmt.Println("CN: %s", cn)
  }

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question godaddy's ssl certificate with GoLang How to validate remote ssl certificate? Golang SSL TCP socket certificate configuration Golang connect to Postgres using SSL certificate Get SSL certificate details Get SSL Certificate 'Issued to' Get SSL Certificate for a request Get the access to SSL certificate get and install SSL certificate get ssl certificate in .net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM