Golang - TLS mutual authentication - Dump client certificates

Time:09-01

I have a TLS server with mutual authentication. I want to dump client certificates if there is a handshake error. I use ErrorLog in the http.Server struct, but this logger doesn't get the information about client certificates. I tried to use the VerifyConnection function in the tls.Config struct, but it starts after the correct handshake. How can I dump the client certificates (wrong and correct)?

CodePudding user response:

You could dump the client certificates through `tls.Conn.ConnectionState` after `Conn.Handshake`, as long as the TLS handshake is done.

Here is a code snippet:

    package main

    import (
        "crypto/tls"
        "fmt"
    )

    func main() {
        // Server key pair. The file names are placeholders for this example.
        serverCert, err := tls.LoadX509KeyPair("server.crt", "server.key")
        if err != nil {
            fmt.Printf("server: load cert err %v\n", err)
            return
        }

        config := tls.Config{
            Certificates: []tls.Certificate{serverCert},
            // Ask the client for a certificate but do not verify it, so the
            // handshake completes (and ConnectionState is populated) even for
            // a certificate that would fail verification.
            ClientAuth: tls.RequestClientCert,
            // InsecureSkipVerify is deliberately not set: it only controls a
            // client's verification of the server and has no effect on a server.
        }

        listener, err := tls.Listen("tcp", "localhost:8080", &config)
        if err != nil {
            fmt.Printf("server: listen err %v\n", err)
            return
        }
        defer listener.Close()

        // Handle a single connection, as in the original snippet.
        conn, err := listener.Accept()
        if err != nil {
            fmt.Printf("server: accept err %v\n", err)
            return
        }
        defer conn.Close()

        tlsConn, ok := conn.(*tls.Conn)
        if !ok {
            fmt.Println("server: invalid tls connection")
            return
        }

        // Run the handshake explicitly; otherwise it only happens lazily on the
        // first Read/Write and ConnectionState would still be empty here.
        if err := tlsConn.Handshake(); err != nil {
            fmt.Printf("server: client handshake err %v\n", err)
            return
        }

        state := tlsConn.ConnectionState()
        for _, cert := range state.PeerCertificates {
            fmt.Printf("server: remote client cert subject=%s issuer=%s serial=%s\n",
                cert.Subject, cert.Issuer, cert.SerialNumber)
        }
    }
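The snippet above only shows certificates from handshakes that completed, which with `RequestClientCert` means certificates that were never verified. On a server that actually enforces client authentication (`RequireAndVerifyClientCert`), a rejected certificate never reaches `ConnectionState`, and `VerifyPeerCertificate` does not help either, because Go runs it after the built-in chain check, so it is skipped for exactly the certificates the question wants to see. The way to see both the wrong and the correct ones is to ask for a certificate with `RequireAnyClientCert` (no built-in verification) and do the verification yourself inside `VerifyPeerCertificate`, recording the leaf before returning the verification error. The following is an added example, not code from the original answer: it generates a throwaway CA, a server certificate and two client certificates in memory (one issued by the CA, one self-signed), runs a loopback handshake and returns what the server recorded. The names `CertDump`, `issue`, `serverConfig` and `Demo` are this example's own; it needs Go 1.18 or later for `any`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertDump is what the server records for every client leaf it is shown, verified or not.
type CertDump struct{ Subject, Serial string; Err error }

// issue mints a short-lived P-256 certificate for this demo, self-signed when
// parent is nil. Key generation cannot realistically fail, so it panics.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey any) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{"localhost"}, // lets the client verify the server by name
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverConfig requests a client certificate but leaves the chain check to
// VerifyPeerCertificate, so every presented leaf is recorded before the check can
// fail the handshake. With RequireAndVerifyClientCert the callback never sees a rejected one.
func serverConfig(serverCert tls.Certificate, trusted *x509.CertPool, dumps *[]CertDump) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAnyClientCert, // guarantees rawCerts[0] exists below
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			d := CertDump{Subject: leaf.Subject.String(), Serial: leaf.SerialNumber.String()}
			// rawCerts[1:] would carry intermediates; add them to Intermediates in a real deployment.
			_, d.Err = leaf.Verify(x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
			*dumps = append(*dumps, d) // recorded even when Verify failed
			return d.Err               // a non-nil error still rejects the handshake
		},
	}
}

// Demo runs one loopback handshake and returns what the server recorded plus the
// server-side handshake error. trustClient picks a client certificate issued by
// the server's CA; false picks a self-signed one the server must reject.
func Demo(trustClient bool) ([]CertDump, error) {
	caCert := issue("demo-ca", true, nil, nil)
	serverCert := issue("localhost", false, caCert.Leaf, caCert.PrivateKey)
	clientCert := issue("good-client", false, caCert.Leaf, caCert.PrivateKey)
	if !trustClient { // self-signed, so it chains to nothing the server trusts
		clientCert = issue("rogue-client", false, nil, nil)
	}
	pool := x509.NewCertPool()
	pool.AddCert(caCert.Leaf)
	var dumps []CertDump
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverConfig(serverCert, pool, &dumps))
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			err = conn.(*tls.Conn).Handshake()
		}
		done <- err
	}()
	// The client verifies the server against the same CA; nothing is skipped on either side.
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost", Certificates: []tls.Certificate{clientCert}})
	srvErr := <-done // let the server finish before closing, so its alert/ticket writes do not race the close
	if err == nil {
		client.Close()
	}
	return dumps, srvErr
}

func main() { fmt.Println(Demo(false)) }
```

With `Demo(false)` the server records `CN=rogue-client` with an unknown-authority error and the handshake fails; with `Demo(true)` it records `CN=good-client` with no error and the handshake succeeds, so the callback still enforces authentication. The server-side `Handshake` error is the one to log, since with TLS 1.3 the client's `Dial` can return success before the server has even looked at the certificate. Two related points for production code: log the subject and serial rather than the whole struct, which is large and can be attacker-controlled, and on Go 1.20 and later the error from `Handshake` on a `RequireAndVerifyClientCert` server can alternatively be unwrapped with `errors.As` into a `*tls.CertificateVerificationError`, whose `UnverifiedCertificates` field holds the rejected chain.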