That's perfect, and works fine. But then I also want to verify that the certificate hasn't expired. The
pkcs12 library also has a Decode function which returns an x509 certificate, that I can than use the Verify method on. This also works fine.
It just seems odd to me that I'm decoding the DER twice. Once for an
x509.Certificate to verify, and again to get a
tls.Certificate. I don't know the relationship between these two Certificate structures, but seeing as the tls package has a function named tls.X509KeyPair that takes some bytes, shouldn't there also be an obvious way to get a tls.Certificate from an x509.Certificate or visa versa? What am I missing?