I am trying to make a client/server pair using crypto/tls, and if using
tls.RequireAndVerifyClientCert in my tls.Config, the server requires the
client cert to have extended key usage for client authentication set. But,
tls.LoadX509KeyPair and x509.ParseCertificate both fail for certificates
generated by openssl with option '-addtrust clientAuth'. I have not tried
to construct an x509 with crypto/x509 to see if that makes a different
format from openssl. The parsing error seems to be coming from
encoding/asn1's Unmarshal, but that's as far as I have tracked it down...
When I try to Unmarshal the pem.Block manually, I get errors even for the
ones that succeed with tls.LoadX509KeyPair and x509.ParseCertificate.

See https://github.com/mbanack/x509loader for certs, sample loading code
(loadcert.go), and the openssl commands which generated the certs (using
OpenSSL 1.0.0j).

It is entirely possible I am just doing something silly, but I could use
another set of eyes.
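A diagnostic for the parse failure described above, added here as an example and not taken from the original post or the linked repository. It assumes the failing files are OpenSSL's `TRUSTED CERTIFICATE` PEM form, in which auxiliary trust data follows the certificate DER. The certificate and the appended empty SEQUENCE are constructed samples, and `samples` and `inspect` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// samples returns a constructed clientAuth cert as plain PEM and with an empty DER SEQUENCE appended.
func samples() (plain, trusted []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "TRUSTED CERTIFICATE", Bytes: append(der, 0x30, 0x00)})
}

// inspect reports PEM type, bytes after the first DER element, clientAuth EKU, and the whole-block parse error.
func inspect(pemData []byte) (typ string, trailing int, clientAuth bool, wholeErr error) {
	block, _ := pem.Decode(pemData)
	if block == nil {
		return "", 0, false, fmt.Errorf("no PEM block")
	}
	_, wholeErr = x509.ParseCertificate(block.Bytes) // fails if anything follows the cert
	var first asn1.RawValue
	rest, _ := asn1.Unmarshal(block.Bytes, &first) // split off the certificate itself
	if cert, err := x509.ParseCertificate(first.FullBytes); err == nil {
		for _, u := range cert.ExtKeyUsage {
			clientAuth = clientAuth || u == x509.ExtKeyUsageClientAuth
		}
	}
	return block.Type, len(rest), clientAuth, wholeErr
}

func main() {
	plain, trusted := samples()
	fmt.Println(inspect(plain))
	fmt.Println(inspect(trusted))
}
```

A nonzero trailing count together with a whole-block parse error means the PEM block holds more than a bare certificate. crypto/x509 only reports an extended key usage that is encoded as an extension inside the certificate itself.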



Discussion Overview
group: golang-nuts
posted: Jan 14, '13 at 8:12a
active: Jan 16, '13 at 11:39a


