2015-12-10 01:32
浏览 311


I'm using x/crypto/pkcs12 to load a DER formatted *.p12 file. There is an example in the documentation that uses tls.X509KeyPair to make a tls.Certificate which can be used for an HTTP client.

That's perfect, and works fine. But then I also want to verify that the certificate hasn't expired. The pkcs12 library also has a Decode function which returns an x509 certificate, that I can than use the Verify method on. This also works fine.

It just seems odd to me that I'm decoding the DER twice. Once for an x509.Certificate to verify, and again to get a tls.Certificate. I don't know the relationship between these two Certificate structures, but seeing as the tls package has a function named tls.X509KeyPair that takes some bytes, shouldn't there also be an obvious way to get a tls.Certificate from an x509.Certificate or visa versa? What am I missing?

图片转代码服务由CSDN问答提供 功能建议

我正在使用 x / crypto / pkcs12 即可加载DER格式的* .p12文件。 在文档中有示例,其中使用了 tls .X509KeyPair </ code>生成一个可以用于HTTP客户端的 tls.Certificate </ code>。</ p>

那是完美的,并且工作正常。 但是,然后我还想验证证书尚未过期。 pkcs12 </ code>库还具有解码功能 它返回一个x509证书,然后我可以使用 Verify 方法。 </ p>

对我来说,两次解码DER对我来说似乎很奇怪。 一次用于 x509.Certificate </ code>进行验证,然后再次获得 tls.Certificate </ code>。 我不知道这两个证书结构之间的关系,但是看到tls包具有一个名为tls.X509KeyPair的函数,该函数占用一些字节,应该不是从x509中获取tls.Certificate的明显方法。 证书还是签证? 我想念什么?</ p> </ div>

1条回答 默认 最新

相关推荐 更多相似问题