Compare client certificates in go

User1791139:

My use case looks like I know the client's public certificate and just want to allow them. I have a go server configured based on gin and TLS where a method has been assigned to the property "VerifyPeerCertificate". The function looks like

func customVerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {

if len(verifiedChains) < 1 {
    return errors.New("Verified certificate chains is empty.")
}
if len(verifiedChains[0]) < 1 {
    return errors.New("No certificates in certificate chains.")
}
if len(verifiedChains[0][0].Subject.CommonName) < 1 {
    return errors.New("Common name can not be empty.")
}

fmt.Println(verifiedChains[0][0].Raw)

publicKeyDer, _ := x509.MarshalPKIXPublicKey(verifiedChains[0][0].PublicKey)

publicKeyBlock := pem.Block{
    Type:  "CERTIFICATE",
    Bytes: publicKeyDer,
}
publicKeyPem := string(pem.EncodeToMemory(&publicKeyBlock))
}

But the problem is that the string in the variable "publicKeyPem" doesn't look like the client public certificate I use to send requests to the server, it's also shorter in length.

mark:

A certificate is more than just its public key. The whole x509.Certificate object represents the certificate presented by the client, the public key field is just the actual value of the public key.

If you want to compare certificates for strict equality, you should use the parameter rawCerts [][]bytepassed to the callback . This is mentioned in the tls.Config comment VerifyPeerCertificate:

    VerifyPeerCertificate, if not nil, is called after normal
    certificate verification by either a TLS client or server. It
    receives the raw ASN.1 certificates provided by the peer and also
    any verified chains that normal processing found. If it returns a
    non-nil error, the handshake is aborted and that error results.

Related

Using Client Certificates in Curl Commands

sunsin1985 : curl command: curl -k -vvvv --request POST --header "Content-Type: application/json" --cert client.pem:password --key key.pem "https://test.com:8443/testing" I am trying to send a client certificate using the Curl command specified above. I would

OCSP revocation of client certificates

gtrak: How to manually check certificate revocation status in Java using OCSP, considering only the client's java.security.cert.X509Certificate? I can't see a clear way to do it. Alternatively, I can have tomcat do this for me automatically, how do you know yo

WSDL client authentication and multiple certificates

other: So I'm having issues with wsdls here, with multiple certificates selected in Java. For example, a smart card has multiple certificates on it for signing, encryption and identification. I have a WSDL that generates code for client auth connections, but a

Client certificates and identities in iOS

lipoprotein: I have used SecKeyGeneratePairfunctions to generate private and public keys for a Swift based iOS app . I then generated a "Certificate Signing Request" using the iOS CSR and my server replied with a certificate chain in PEM format. I use the foll

Using Client Certificates in Alamofire 2.0

Paul On Alamofire 1 and Swift 1.2, I use the following code to make a request and submit my own client certificate: Alamofire.request(.POST, url!, parameters: params, encoding: .JSON) .authenticate(usingCredential: credential) .responseJSON { (request,

Using Client Certificates in Curl Commands

sunsin1985 : curl command: curl -k -vvvv --request POST --header "Content-Type: application/json" --cert client.pem:password --key key.pem "https://test.com:8443/testing" I am trying to send a client certificate using the Curl command specified above. I would

OCSP revocation of client certificates

gtrak: How to manually check certificate revocation status in Java using OCSP, considering only the client's java.security.cert.X509Certificate? I can't see a clear way to do it. Alternatively, I can have tomcat do this for me automatically, how do you know yo

WSDL client authentication and multiple certificates

other: So I'm having issues with wsdls here, with multiple certificates selected in Java. For example, a smart card has multiple certificates on it for signing, encryption and identification. I have a WSDL that generates code for client auth connections, but a

AWS Multiple VPN Client Certificates

Ludo21 South With AWS, I need to make sure I have multiple clients using the VPN network. Each client will use the same server certificate I created earlier. Now, using this document, I managed to set up my own VPN and was able to connect to it using the gener

Compare client certificates in go

User1791139: My use case looks like I know the client's public certificate and just want to allow them. I have a go server configured based on gin and TLS where a method has been assigned to the property "VerifyPeerCertificate". The function looks like func cu

Client certificates and identities in iOS

lipoprotein: I have used SecKeyGeneratePairfunctions to generate private and public keys for a Swift based iOS app . I then generated a "Certificate Signing Request" using the iOS CSR and my server replied with a certificate chain in PEM format. I use the foll

Dynamically request client certificates

user 93353 The web server has settings for requesting client certificates - eg. SSLVerifyClient requireIn Apache, use other settings in IIS etc. If this setting is set, the browser will pop up a dialog asking you to select a certificate. Is it possible to requ

Android and client certificates

Anthony B Code I've been searching for weeks and can't seem to find an answer anywhere. I am trying to do the following for Android. The code is from a C# app I wrote but am porting it to Android. Web endpoints require certificates to be attached to mutual aut

Android and client certificates

Anthony B Code I've been searching for weeks and can't seem to find an answer anywhere. I am trying to do the following for Android. The code is from a C# app I wrote but am porting it to Android. Web endpoints require certificates to be attached to mutual aut

OCSP revocation of client certificates

gtrak: How to manually check certificate revocation status in Java using OCSP, considering only the client's java.security.cert.X509Certificate? I can't see a clear way to do it. Alternatively, I can have tomcat do this for me automatically, how do you know yo

Compare client certificates in go

User1791139: My use case looks like I know the client's public certificate and just want to allow them. I have a go server configured based on gin and TLS where a method has been assigned to the property "VerifyPeerCertificate". The function looks like func cu

Client certificates and identities in iOS

lipoprotein: I have used SecKeyGeneratePairfunctions to generate private and public keys for a Swift based iOS app . I then generated a "Certificate Signing Request" using the iOS CSR and my server replied with a certificate chain in PEM format. I use the foll

Dynamically request client certificates

user 93353 The web server has settings for requesting client certificates - eg. SSLVerifyClient requireIn Apache, use other settings in IIS etc. If this setting is set, the browser will pop up a dialog asking you to select a certificate. Is it possible to requ