tls.Conn.ConnectionState().PeerCertificates

- sean

On Mon, May 9, 2022, 16:59 J. Pecholt <jo.pech...@gmail.com> wrote:

> Hi there,
> I am trying to perform further authentication operations based on an
> existing tls.Conn without modifying the package/module itself because of
> portability and security reasons. More precisely, I want to know on the
> server side if the client actually used a certificate to establish an
> optional mTLS connection and if so, I need a reference to said certificate.
> Alternatively, I could force mTLS; however, I would still need a reference to
> the certificate. I can see that in the tls.Conn struct there is an
> unexported field called peerCertificates.
>
> // A Conn represents a secured connection.
> // It implements the net.Conn interface.
> type Conn struct {
>    // constant
>    ...
>    peerCertificates []*x509.Certificate
>
> Access to this field/value would basically solve everything for me as the
> current connection is basically a blackbox (probably rightfully so, because
> less access means fewer ways to mess it up).
> My question is: would it make sense to propose a code addition where I
> could obtain these certificates or is there any potentially negative
> consequence to providing the certs that I’m not seeing? This could be
> similar to the function RemoteAddr() provided by the net.Connection
> interface... Alternatively, is there another module/package that solves
> this?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/35a1d230-a803-46bb-92f6-2e0242f8ae03n%40googlegroups.com
> <https://groups.google.com/d/msgid/golang-nuts/35a1d230-a803-46bb-92f6-2e0242f8ae03n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

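An added example, not part of the thread: the accessor from the reply, used on the server side of an optional-mTLS handshake. The helper names (`clientCN`, `selfSigned`, `handshake`), the `demo-peer` identity and the in-memory `net.Pipe` setup are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// clientCN returns the CN of the client's leaf certificate, or "" if none was presented.
func clientCN(c *tls.Conn) (string, error) {
	if err := c.Handshake(); err != nil { // PeerCertificates is empty before this
		return "", err
	}
	if pcs := c.ConnectionState().PeerCertificates; len(pcs) > 0 {
		return pcs[0].Subject.CommonName, nil
	}
	return "", nil
}

// selfSigned builds a throwaway self-signed identity (constructed for this demo).
func selfSigned(cn string) tls.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{cn}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	t.Subject.CommonName = cn
	der, _ := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs one in-memory handshake; id is the server identity and the only trusted cert.
func handshake(id tls.Certificate, client ...tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(id.Leaf)
	// VerifyClientCertIfGiven: the certificate is optional, but a presented one must verify.
	sCfg := &tls.Config{Certificates: []tls.Certificate{id}, ClientCAs: pool, ClientAuth: tls.VerifyClientCertIfGiven}
	cCfg := &tls.Config{RootCAs: pool, ServerName: id.Leaf.DNSNames[0], Certificates: client}
	a, b := net.Pipe()
	defer a.Close()
	go tls.Client(b, cCfg).Read(make([]byte, 1)) // handshakes, then drains until close
	return clientCN(tls.Server(a, sCfg))
}

func main() { id := selfSigned("demo-peer"); fmt.Println(handshake(id, id)) }
```

With `tls.RequestClientCert` or `tls.RequireAnyClientCert` the same field is populated without chain verification, so its contents must not be treated as an authenticated identity under those modes.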