Thank you, maybe I have found a more detailed example:
https://diogomonica.com/2017/01/11/hitless-tls-certificate-rotation-in-go/amp/
Sun, 21 Apr 2019 at 15:22, Aldrin Leal <ald...@leal.eng.br>:
>
> I did one a while ago, but I can't share a sample. But you can build one, 
> provided that:
>
> 1. build your server as such (note the ClientAuth - that's where the magic 
> happens):
>
> ...
>         rootCAs, _ := x509.SystemCertPool()
>
>         if nil == rootCAs {
>                 rootCAs = x509.NewCertPool()
>         }
>
>         cfg := &tls.Config{
>                 // SSL 3.0 is broken and no longer supported by crypto/tls; TLS 1.2 is the floor
>                 MinVersion: tls.VersionTLS12,
>                 /*
>                         CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
>                         PreferServerCipherSuites: true,
>                         CipherSuites: []uint16{
>                                 tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>                                 tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>                                 tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
>                                 tls.TLS_RSA_WITH_AES_256_CBC_SHA,
>                         },
>                 */
>                 ClientAuth: tls.VerifyClientCertIfGiven,
>                 // ClientCAs is the pool a server verifies client certificates against;
>                 // RootCAs is only consulted by the client side when it verifies the server
>                 ClientCAs:  rootCAs,
>         }
>
>         cert, err := tls.LoadX509KeyPair(*publicCertificate, *privateKey)
>
> ...
>
>         srv := &http.Server{
>                 Addr:         ":8043",
>                 Handler:      handlers.RecoveryHandler(handlers.PrintRecoveryStack(true))(r),
>                 TLSConfig:    cfg,
>                 TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
>         }
>
>         log.Fatal(srv.ListenAndServeTLS(*publicCertificate, *privateKey))
>
>
> 2. Look into http.Request, under the TLS.PeerCertificates array.
> --
> -- Aldrin Leal, <ald...@leal.eng.br> / https://ingenieux.io/about/
>
>
> On Sun, Apr 21, 2019 at 7:09 AM Vasiliy Tolstov <v.tols...@selfip.ru> wrote:
>>
>> Hi, I'm trying to find a mutual TLS example in Go, but can't find a simple example 
>> that uses crypto/tls. I need a server that, for some HTTP handler, on a user 
>> request with a token returns a TLS cert for communication, and a client that uses 
>> this cert to communicate after it is returned from the request. Ideally with the 
>> ability to rotate keys on the client before the previous one expires.
>> Does anybody know of one?
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to golang-nuts+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.



-- 
Vasiliy Tolstov,
e-mail: v.tols...@selfip.ru
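As an added example, not code from this thread: a minimal version of the server side Aldrin describes, with ClientAuth set to require a client certificate, the CA pool placed in ClientCAs (the field a server actually checks client certificates against; RootCAs only matters on the client side), and a helper that reads the verified identity from r.TLS.PeerCertificates as his step 2 says. The function names are mine, and selfSignedCert only produces constructed test material so the code runs offline.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net/http"
	"time"
)

// serverTLSConfig requires a client certificate and verifies it against caPEM.
// Note ClientCAs, not RootCAs: RootCAs is only consulted by the client side.
func serverTLSConfig(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
	}, nil
}
// clientIdentity reads the verified peer certificate (step 2 of the reply);
// ok is false over plain HTTP or when no client certificate was presented.
func clientIdentity(r *http.Request) (cn string, ok bool) {
	if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
		return "", false
	}
	return r.TLS.PeerCertificates[0].Subject.CommonName, true
}

// selfSignedCert builds throwaway material (constructed, not a real CA) so the
// example runs offline; it returns the parsed certificate and its PEM encoding.
func selfSignedCert(cn string) (*x509.Certificate, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed test key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err) // acceptable only because this is test material
	}
	cert, _ := x509.ParseCertificate(der) // cannot fail on DER we just produced
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```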
