tls: certificate signed by unknown authority
182 views
Skip to first unread message
Archos
Apr 14, 2013, 7:16:49 PM4/14/13
to golan...@googlegroups.com
I had created a root CA's certificate using OpenSSL but I could not use it from Go.
The main code to setup the TLS config. in my code is:
KEY_PEM_BLOCK := []byte{...}
CERT_PEM_BLOCK := []byte{...}
CA_CERT_BLOCK := []byte{...} // /home/foo/.RootCA/certs/ca.crt"
cert, err := tls.X509KeyPair(CERT_PEM_BLOCK, KEY_PEM_BLOCK)
if err != nil {
log.Fatal("load keys: ", err)
}
certPool := x509.NewCertPool()
if ok := certPool.AppendCertsFromPEM(CA_CERT_BLOCK); !ok {
log.Fatal("CA certificate not valid")
}
TLSConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: certPool,
}
* * *
Which is right, except that the root CA was created using the digest algorithm RMD160 which is unsupported in Go. At the end, it is only possible to use md5 or sha1 to work with Go.
The main code to setup the TLS config. in my code is:
KEY_PEM_BLOCK := []byte{...}
CERT_PEM_BLOCK := []byte{...}
CA_CERT_BLOCK := []byte{...} // /home/foo/.RootCA/certs/ca.crt"
cert, err := tls.X509KeyPair(CERT_PEM_BLOCK, KEY_PEM_BLOCK)
if err != nil {
log.Fatal("load keys: ", err)
}
certPool := x509.NewCertPool()
if ok := certPool.AppendCertsFromPEM(CA_CERT_BLOCK); !ok {
log.Fatal("CA certificate not valid")
}
TLSConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: certPool,
}
* * *
Which is right, except that the root CA was created using the digest algorithm RMD160 which is unsupported in Go. At the end, it is only possible to use md5 or sha1 to work with Go.
Archos
Jun 17, 2013, 3:03:38 AM6/17/13
to golan...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages