Hi there, I am trying to perform further authentication operations based on an existing tls.Conn without modifying the package/module itself because of portability and security reasons. More precisely, I want to know on the server side if the client actually used a certificate to establish an optional mTLS connection and if so, I need a reference to said certificate. Alternatively, I could force mTLS, however I would still need reference to the certificate. I can see that in the tls.Conn struct there is an unexported field called peerCertificates.

    // A Conn represents a secured connection.
    // It implements the net.Conn interface.
    type Conn struct {
        // constant
        ...
        peerCertificates []*x509.Certificate

Access to this field/value would basically solve everything for me, as the current connection is basically a black box (probably rightfully so, because less access means fewer ways to mess it up).

My question is: would it make sense to propose a code addition where I could obtain these certificates, or is there any potentially negative consequence to providing the certs that I'm not seeing? This could be similar to the function RemoteAddr() provided by the net.Connection interface...

Alternatively, is there another module/package that solves this?
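
Added example, not part of the original post: the exported `(*tls.Conn).ConnectionState()` method returns the peer's certificates once the handshake has completed, so a server can check for an optional client certificate without touching the unexported field. The helper names `selfSigned` and `clientCN`, the name `mtls.test`, and the single throwaway certificate that acts as CA, server and client identity are assumptions made for this demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway self-signed certificate (constructed test data) and a pool trusting it.
func selfSigned(cn string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// clientCN handshakes over an in-memory pipe and returns the client certificate CN the server saw ("" if none).
func clientCN(withClientCert bool) (string, error) {
	cert, pool := selfSigned("mtls.test") // one certificate plays CA, server and client here
	ccfg := &tls.Config{RootCAs: pool, ServerName: "mtls.test"}
	if withClientCert {
		ccfg.Certificates = []tls.Certificate{cert}
	}
	sc, cc := net.Pipe()
	go func() { c := tls.Client(cc, ccfg); c.Read(make([]byte, 1)); c.Close() }() // handshake, then wait for close
	srv := tls.Server(sc, &tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: pool,
		ClientAuth: tls.VerifyClientCertIfGiven}) // optional mTLS; a presented cert must chain to ClientCAs
	defer srv.Close()
	if err := srv.Handshake(); err != nil { // ConnectionState is only complete after the handshake
		return "", err
	}
	if certs := srv.ConnectionState().PeerCertificates; len(certs) > 0 {
		return certs[0].Subject.CommonName, nil // certs[0] is the client's leaf certificate
	}
	return "", nil
}

func main() {
	fmt.Println(clientCN(true))
}
```

With `tls.RequestClientCert` or `tls.RequireAnyClientCert` the certificate in `PeerCertificates` has not been verified against `ClientCAs`, so authorization decisions should only be based on it when one of the verifying `ClientAuth` modes is used.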