比较go中的客户端证书

My use case looks like I know the public certificates of my clients and only want to allow them. I have a go server based on gin and a TLS configuration in which I have assigned a method to the property "VerifyPeerCertificate". The function looks like

func customVerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {

if len(verifiedChains) < 1 {
    return errors.New("Verified certificate chains is empty.")
}
if len(verifiedChains[0]) < 1 {
    return errors.New("No certificates in certificate chains.")
}
if len(verifiedChains[0][0].Subject.CommonName) < 1 {
    return errors.New("Common name can not be empty.")
}

fmt.Println(verifiedChains[0][0].Raw)

publicKeyDer, _ := x509.MarshalPKIXPublicKey(verifiedChains[0][0].PublicKey)

publicKeyBlock := pem.Block{
    Type:  "CERTIFICATE",
    Bytes: publicKeyDer,
}
publicKeyPem := string(pem.EncodeToMemory(&publicKeyBlock))
}

The problem is, however, that the string in the variable "publicKeyPem" does not look like the client public certificate I used to send the request to the server, it's also shorter in length.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanmianhong4893 2019-09-01 11:56
关注
A certificate is more than its public key. The entire x509.Certificate object represents the certificate presented by the client, the public key field is only the actual value of the public key.

If you want to compare certificates for strict equality, you should use the rawCerts [][]byte argument passed to your callback. This is mentioned in the tls.Config comments for VerifyPeerCertificate:

VerifyPeerCertificate, if not nil, is called after normal certificate verification by either a TLS client or server. It receives the raw ASN.1 certificates provided by the peer and also any verified chains that normal processing found. If it returns a non-nil error, the handshake is aborted and that error results.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

比较go中的客户端证书
2019-09-01 09:50

回答 2 已采纳 A certificate is more than its public key. The entire x509.Certificate object represents the certi
如何在Golang中针对CRL验证客户端证书？ ssl
2016-05-05 19:02

回答 1 已采纳 Is it possible to also verify the client certs against a provided CRL? Yes, it is possible, b
Go lang中的AWS API Gateway客户端证书
2017-05-09 08:35

回答 1 已采纳 The client certificate AWS is given you is for authenticating the client that send requests to you
服务器如何获取客户端证书,如何在Go HTTPS服务器中获取客户端证书
2021-07-30 01:20

向往真善美吧的博客我在尝试了解如何在Go Web服务器中获取客户端证书。这里是一个服务器代码：如何在Go HTTPS服务器中获取客户端证书package mainimport ("log""net/http""net/http/httputil")func defaultHandler(w ...
Golang：如何在HTTP客户端的TLS配置中指定证书 ssl
2014-02-04 20:05

回答 1 已采纳 You can replace the system CA set by providing a root CA pool in tls.Config. certs := x509.NewCer
如何在Go HTTPS服务器中获取客户端证书 https ssl
2017-02-08 21:02

回答 1 已采纳 The client shouldn't send a certificate unless requested. Set ClientAuth in the tls.Config to an a
在Go gRPC处理程序中从客户端证书获取主题DN
2017-11-09 06:58

回答 1 已采纳 You can use peer.Peer from ctx context.Context for access to the OID registry in x509.Certificate.
服务器客户端证书,客户端如何验证HTTPS服务端证书信息
2021-07-29 00:31

weixin_29200485的博客通过一个例子说明客户端如何验证HTTPS服务端的证书信息。类型浏览器如何验证WEB服务器的证书信息。生成服务器端证书，以及CA证书# generate ca certificate$ openssl genrsa -out ca-key.pem 2048$ openssl req -new...
如何在Go中从http客户端获取x509证书
2019-02-28 17:01

回答 1 已采纳 The response has a TLS *tls.ConnectionState field, which in turn has: type ConnectionState struct
asn1 go（客户端证书身份验证） ssl
2015-01-16 20:46

回答 1 已采纳 I did some duck duck going and found the rfc320 that provides the definitions of the asn.1 classes
如何在GO中使用CA证书创建TLS客户端？ https ssl
2016-07-26 06:54

回答 1 已采纳 package main import ( "crypto/tls" "crypto/x509" "flag" "io/ioutil" "log"
minikube-client:为Minikube生成客户端证书
2021-03-21 11:30

迷你客户端生成由Minikube的CA签名的客户端证书和密钥，以进行快速身份验证设置。用法minikube-client -cn myuser -o mygroup请注意， -o接受多个组的逗号分隔字符串（例如a,b ）。您的kubeconfig将使用嵌入式客户端...
如何使Go接受用于TLS客户端身份验证的自签名证书？ ssl
2016-03-30 18:37

回答 1 已采纳 @JohnWeldon's comment led me to the solution, which is that I need to modify the client Certificat
认证：客户端和服务器证书的自动分发和维护
2021-02-01 23:29

我在演讲中包含如何配置Vault实例以安全地为Go客户端和服务器颁发证书的演练。用户数您是否正在使用Certify并希望在此处可见？打开一个问题！发行人 Certify公开了Issuer接口，该接口用于允许在Issuer后端之间...
Golang_15: Go语言网络编程：HTTP/HTTPS Client 客户端
2023-05-26 20:30

谢TS的博客 Go 语言内置的 net/http 包提供了简洁而又完善的 HTTP 客户端 和服务端的实现，并且 客户端 和服务端均支持 HTTP/2.0。
没有解决我的问题, 去提问

悬赏问题

¥15 电脑桌面设定一个区域禁止鼠标操作
¥15 求NPF226060磁芯的详细资料
¥15 使用R语言marginaleffects包进行边际效应图绘制
¥20 usb设备兼容性问题
¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊
¥15 安装svn网络有问题怎么办
¥15 Python爬取指定微博话题下的内容，保存为txt
¥15 vue2登录调用后端接口如何实现
¥65 永磁型步进电机PID算法
¥15 sqlite 附加（attach database）加密数据库时，返回26是什么原因呢？

比较go中的客户端证书

2条回答 默认 最新

悬赏问题

2条回答默认最新