On Tue, Nov 19, 2019 at 6:31 PM Matthew Zimmerman <mzimmer...@gmail.com> wrote:
>
> I can authenticate users via certificate with tls.Config and
> RequireAndVerifyClientCert to my CA, that's working just fine.
>
> What I'd like to do however is to *only* require and verify the cert if they
> don't have a valid session cookie. I know that the session is only available
> after TLS, but the client cert is also not available always. I only want the
> cert to be required for an initial authentication and then after certain
> timeout periods.
>
> Is there any way to tell the client to reconnect but this time present a
> certificate? I don't think there is, but trying to work through this. I
> could run the service on a different port and then have separate tls.Config
> options (require cert or not), but the fat client I'm dealing with doesn't
> like the different port -- it only wants 443.
>
> I've also thought about authenticating on a different domain name
> auth.service then redirecting to data.service or something like that where
> the cookie would be issued to the *.service domain, however that's still one
> tls.Config and using SNI with tls.Config.GetCertificate() and I don't know of
> a way to change the tls.Config.ClientAuth for a server based upon the SNI.

Can you run it in a container, assign two IPs, with different tls listeners for each IP?

>
> Any ideas?
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/CAD53Lr5Cy44eRdmqOx9JaKuZEuNUJChL52%2BNxVy-QhAvSx%2BDjg%40mail.gmail.com.
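
A single-listener variant of the auth.service / data.service idea from the question, as an added example that is not part of the original thread: crypto/tls lets a server pick its whole `tls.Config`, including `ClientAuth`, per handshake through `GetConfigForClient`, keyed on the SNI name. The helper name `perSNIClientAuth` and the empty CA pool are assumptions for illustration; a real server would also set `Certificates` and load its CA.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// perSNIClientAuth (hypothetical helper) returns a server config whose
// client-certificate policy depends on the SNI name in the ClientHello.
// authHost requires a certificate that chains to clientCAs; any other name
// completes the handshake without requesting one, so handlers served under
// those names must validate the session cookie themselves.
func perSNIClientAuth(base *tls.Config, clientCAs *x509.CertPool, authHost string) *tls.Config {
	strict := base.Clone()
	strict.ClientAuth = tls.RequireAndVerifyClientCert
	strict.ClientCAs = clientCAs

	relaxed := base.Clone()
	relaxed.ClientAuth = tls.NoClientCert

	outer := base.Clone()
	// Called once per handshake, after the ClientHello has been parsed.
	outer.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		if hello.ServerName == authHost {
			return strict, nil
		}
		// Also covers clients that send no SNI: they never get the
		// certificate-authenticated policy by accident.
		return relaxed, nil
	}
	return outer
}

func main() {
	// Constructed inputs: empty CA pool, host names taken from the question.
	cfg := perSNIClientAuth(&tls.Config{MinVersion: tls.VersionTLS12},
		x509.NewCertPool(), "auth.service")
	for _, name := range []string{"auth.service", "data.service", ""} {
		c, err := cfg.GetConfigForClient(&tls.ClientHelloInfo{ServerName: name})
		if err != nil {
			panic(err)
		}
		fmt.Printf("SNI %q requires client cert: %v\n",
			name, c.ClientAuth == tls.RequireAndVerifyClientCert)
	}
}
```

Pass the returned config to `http.Server.TLSConfig` or `tls.Listen`. On the auth.service handler, issue the cookie only after checking `r.TLS.PeerCertificates` and `r.TLS.ServerName`, since the `Host` header is not bound to the SNI name.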