On Dec 9, 2015, at 5:39 PM, Nathan Youngman <junk...@nathany.com> wrote:
> I have a newbie crypto question using Go's tls and x509 packages. Feels like I'm missing something.
As I understand it, tls.Certificate is slightly misleadingly named. It holds a set of certificates and some supplementary info: the kind of thing you'd get from a TLS server in its hello message.
I think you'd want to just wrap up your certificate and related data into the struct:
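    // pkcs12.Decode returns the private key, the parsed leaf certificate, and an error.
    parsedPrivateKey, parsedCert, err := pkcs12.Decode(...)
    if err != nil {
        log.Fatal(err)
    }
    thing := tls.Certificate{
        Certificate: [][]byte{parsedCert.Raw}, // DER-encoded chain, leaf first
        PrivateKey:  parsedPrivateKey,
        Leaf:        parsedCert,
    }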
The "Raw" field of an x509.Certificate is the whole certificate, DER-encoded (which is just the result of base64-decoding the PEM certificate). And if you're only doing verification I assume you don't need to set the PrivateKey field of tls.Certificate.
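
Added example, not part of the original message: it builds the struct by hand as described above and checks that the result carries the same DER bytes and key that the standard loader tls.X509KeyPair produces from the PEM forms. The names wrap, sample and matchesX509KeyPair are hypothetical, and a self-signed Ed25519 certificate constructed in-process stands in for the output of pkcs12.Decode.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// wrap builds a tls.Certificate from an already-parsed leaf and its key (key may be nil).
func wrap(leaf *x509.Certificate, key interface{}) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: key, Leaf: leaf}
}

// sample returns a constructed self-signed Ed25519 certificate and its private key.
func sample() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, 1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return leaf, key, err
}

// matchesX509KeyPair loads the PEM forms with tls.X509KeyPair and compares them with wrap.
func matchesX509KeyPair(leaf *x509.Certificate, key ed25519.PrivateKey) bool {
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return false
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leaf.Raw})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	loaded, err := tls.X509KeyPair(certPEM, keyPEM)
	return err == nil && key.Equal(loaded.PrivateKey) && bytes.Equal(loaded.Certificate[0], wrap(leaf, key).Certificate[0])
}

func main() {
	leaf, key, err := sample()
	fmt.Println(err, err == nil && matchesX509KeyPair(leaf, key))
}
```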