I am trying to use the golang crypto/tls library to extract the SubjectKeyIdentifiers for all the certificates in a chain that a server returns.

package main

import (
	"crypto/tls"
	"fmt"
)

func main() {
	// InsecureSkipVerify disables chain and hostname validation; the connection
	// is used here only to read the certificates the server presents.
	conn, err := tls.Dial("tcp", "mail.google.com:443", &tls.Config{
		InsecureSkipVerify: true,
	})
	if err != nil {
		panic("failed to connect: " + err.Error())
	}
	defer conn.Close()

	// ConnectionState returns no error, so no second check is needed.
	state := conn.ConnectionState()
	for _, cert := range state.PeerCertificates {
		fmt.Printf("%s\n", cert.Subject.CommonName)
		fmt.Printf("%X\n", cert.SubjectKeyId)
	}
}

As per the docs, SubjectKeyId should have already been populated with ASN1 parsed data. The problem is that I get

4E16C14EFCD46B0A09F8090F1C00278C6F992C65

while the real one is

30:A1:48:01:DB:2B:C3:EE:D3:84:54:4B:66:AF:0C:4C:66:F7:69:47

What am I doing wrong here?
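
One way to check the parsed field independently of which certificate a server happens to return (an added example, not part of the original question): build a certificate with a known key identifier and compare `SubjectKeyId` with the value decoded straight from the subjectKeyIdentifier extension. The helper names `colonHex`, `rawSKI` and `constructedCert`, the certificate, its key and the identifier bytes are all constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// colonHex renders bytes as AA:BB:CC so a %X dump and colon-separated output can be compared.
func colonHex(b []byte) string {
	return strings.ReplaceAll(fmt.Sprintf("% X", b), " ", ":")
}

// rawSKI decodes the subjectKeyIdentifier extension (OID 2.5.29.14) without using the parsed field.
func rawSKI(c *x509.Certificate) (id []byte, err error) {
	for _, ext := range c.Extensions {
		if ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 14}) {
			_, err = asn1.Unmarshal(ext.Value, &id) // extension value is a DER OCTET STRING
			return id, err
		}
	}
	return nil, fmt.Errorf("no subjectKeyIdentifier extension")
}

// constructedCert: throwaway self-signed sample certificate (fixed all-zero key seed) carrying ski.
func constructedCert(ski []byte) (*x509.Certificate, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), SubjectKeyId: ski,
		Subject: pkix.Name{CommonName: "sample"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := constructedCert([]byte{0xDE, 0xAD, 0xBE, 0xEF, 0x01})
	if err != nil {
		panic(err)
	}
	raw, err := rawSKI(cert)
	fmt.Println(colonHex(cert.SubjectKeyId), colonHex(raw), err)
}
```

Run over `state.PeerCertificates`, matching values mean the field reflects the extension of the certificate that was actually served, so a different identifier seen elsewhere belongs to a different certificate or a different extension.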