TLS Enabled HTTP Server


Craig Wickesser

Jan 20, 2014, 1:24:37 PM
to golan...@googlegroups.com
I'm trying to start up a TLS enabled HTTP server. I can get it running and my client (via a browser) can connect. However, I'd like to access the client's certificate when a request comes in; any help would be appreciated.

Here's my server: https://gist.github.com/mindscratch/8525915

Thanks

Brad Fitzpatrick

Jan 20, 2014, 3:10:02 PM
to Craig Wickesser, golang-nuts
http.Request.TLS.PeerCertificates




Craig Wickesser

Jan 22, 2014, 7:38:20 AM
to golan...@googlegroups.com, Craig Wickesser
Thanks, that seems to be what I needed. I noticed when I get the user's certificate in Java, if I print out x509Certificate.getSubjectDN().toString() I get something like:

cn=Wickesser Craig cwickesser,ou=something,ou=foo,o=blah,c=us

whereas with Go, if I print out request.TLS.PeerCertificates[0].Subject.CommonName I get:

Wickesser Craig cwickesser

is that "cn=", "ou="...something Java adds...or should I be able to get that same sort of string from Go?

java reference: http://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html#getSubjectDN%28%29
go reference: http://golang.org/pkg/crypto/x509/#Certificate

Brad Fitzpatrick

Jan 22, 2014, 7:04:15 PM
to Craig Wickesser, golang-nuts
I don't know how Java or Go stringifies them.  The real data should be there in both languages, though, to be formatted however you wish.

Martin Schnabel

Jan 22, 2014, 7:22:07 PM
to golan...@googlegroups.com
On 01/22/2014 01:38 PM, Craig Wickesser wrote:
> Thanks, that seems to be what I needed. I noticed when I get the user's
> certificate in Java, if I print out
> x509Certificate.getSubjectDN().toString() I get something like:
>
> cn=Wickesser Craig cwickesser,ou=something,ou=foo,o=blah,c=us
>
> whereas with Go, if I print out
> request.TLS.PeerCertificates[0].Subject.CommonName I get:
>
> Wickesser Craig cwickesser
>
> is that "cn=", "ou="...something Java adds...or should I be able to get
> that same sort of string from Go?

The request.TLS.PeerCertificates[0].Subject is a
http://godoc.org/crypto/x509/pkix#Name
(I think)

and the common abbreviations used stand for:
cn is CommonName
ou is OrganizationalUnit
o is Organization
c is Country

so you are effectively able to get the same string from Go.

Raffaele Sena

Jan 22, 2014, 7:22:24 PM
to Brad Fitzpatrick, Craig Wickesser, golang-nuts
If you look at the definition of pkix.Name (crypto/x509/pkix/pkix):

    // Name represents an X.509 distinguished name. This only includes the common
    // elements of a DN.  Additional elements in the name are ignored.
    type Name struct {
        Country, Organization, OrganizationalUnit []string
        Locality, Province                        []string
        StreetAddress, PostalCode                 []string
        SerialNumber, CommonName                  string

        Names []AttributeTypeAndValue
    }

You see the different fields, and you can guess how they match the Java stringified version (that is actually the way those things are normally printed):

CommonName -> cn
OrganizationalUnit -> ou
Organization -> o
Country -> c

And so on. Java has a toString() method that returns the common format, Go doesn't (but you can add your own).

 
-- Raffaele