I'm using the ClientCAs and ClientAuth options in tls.Config to do cert-based client authentication in my Go HTTP application. Is it possible to also verify the client certs against a provided CRL? I see in the x509 package there are some functions around CRLs, but I'm not sure how to configure the HTTP server to use them (ie. there doesn't seem to be any options in tls.Config that would cause a CRL to also be used).
如何在Golang中针对CRL验证客户端证书?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- donglin9717 2016-05-06 12:36关注
Is it possible to also verify the client certs against a provided CRL?
Yes, it is possible, by means of the functionality provided in the
crypto/x509package (as you correctly stated in your question). However, higher-level interfaces such ascrypto/tls.Config(consumed bynet/http) do not offer that. A good chance to implement a check against a CRL probably is by inspectingnet/http.Request.TLS.PeerCertificates.A little bit of background:
crypto/tlsis maintained by security expert Adam Langley who has an opinion on revocation checking (original source is his blog). Though I have no evidence, one might assume that this was a deliberate design decision.本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2016-05-05 19:02回答 1 已采纳 Is it possible to also verify the client certs against a provided CRL? Yes, it is possible, b
- 2017-01-31 17:00回答 2 已采纳 This could go two different directions depending on what you're actually asking. If you're asking
- 2018-09-03 12:50回答 4 已采纳 If you have to create a slice of values for passing to something that requires a slice of interfac
- 2020-08-14 16:37天纵·宁琢的博客 Nginx在配置443 服务端证书时,同时配置客户端证书,实现双向认证 server { listen 443; server_name xx.xx.com; ssl_certificate server.crt; # 服务端公钥 ssl_certificate_key server.key; # 服务端私钥 ...
- 2019-09-02 19:54回答 2 已采纳 The template package does not support this directly. Create a template function that returns a sl
- 2019-07-23 16:19回答 3 已采纳 error is an interface, so you can dynamically check - using type assertions - some specific types
- 2018-04-05 08:17回答 1 已采纳 Call FileHeader.Open, which returns a multipart.File: type File interface { io.Reader
- 2022-03-21 00:30youngZ_H的博客 文章目录x509证书1. 概述2. x509证书结构2.1 证书扩展字段(X509v3 extensions)2.1.1 Key Usage2.1.2 Extended Key Usage2.1.3 Basic Constraints2.1.4 Subject Key Identifier2.1.5 Subject Alternative Name3. 证书...
- 2017-02-01 18:07回答 2 已采纳 The consumer group is specified by the second argument of the cluster consumer "constructor". Here
- 2018-01-21 21:28回答 1 已采纳 Here's another example of how to use a Timer in Go. You could spin up your timer. Set it time.Minu
- 2017-09-07 01:59回答 1 已采纳 Yes, as you can see from the sources from Go itself, in src/net/http/client.go // Add the Referer
- 2021-09-06 17:01csy2005csy的博客 实现了一系列非平台相关的IO相关接口和实现,比如提供了对os中系统相关的IO功能的封装。我们在进行流式读写(比如读写文件)时,通常会用到该包。 bufio 它在io的基础上提供了缓存功能。在具备了缓存功能后...
- 2017-03-15 06:12回答 1 已采纳 change import "context" to import "golang.org/x/net/context". but after go 1.7 you can use import
- 2022-12-13 21:28AI研习社的博客 证书验证优化 客户端在验证证书时,是个复杂的过程,会走证书链逐级验证,验证的过程不仅需要「用 CA 公钥解密证书」以及「用签名算法验证证书的完整性」,而且为了知道证书是否被 CA 吊销,客户端有时还会再去访问...
- 2020-12-29 21:40棠邑小廌的博客 一、openssl 简介...官网:https://www.openssl.org/source/构成部分密码算法库密钥和证书封装管理功能SSL通信API接口用途建立 RSA、DH、DSA key 参数建立 X.509 证书、证书签名请求(CSR)和CRLs(证书回收列表)...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
- ¥15 lammps拉伸应力应变曲线分析
- ¥15 C++ 头文件/宏冲突问题解决
- ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
- ¥50 安卓adb backup备份子用户应用数据失败
- ¥20 有人能用聚类分析帮我分析一下文本内容嘛
- ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题
- ¥30 python代码,帮调试,帮帮忙吧
- ¥15 #MATLAB仿真#车辆换道路径规划
- ¥15 java 操作 elasticsearch 8.1 实现 索引的重建