Re: [go-nuts] Crypto/tls: Get further information on established TLS connection


Sean Liao

May 9, 2022, 12:19:55 PM5/9/22
to J. Pecholt, golang-nuts
tls.Conn.ConnectionState().PeerCertificates

- sean

On Mon, May 9, 2022, 16:59 J. Pecholt <jo.pe...@gmail.com> wrote:

Hi there,
I am trying to perform further authentication operations based on an existing tls.Conn without modifying the package/module itself, for portability and security reasons. More precisely, I want to know on the server side if the client actually used a certificate to establish an optional mTLS connection and, if so, I need a reference to said certificate. Alternatively, I could force mTLS; however, I would still need a reference to the certificate. I can see that in the tls.Conn struct there is an unexported field called peerCertificates.

    // A Conn represents a secured connection.
    // It implements the net.Conn interface.
    type Conn struct {
        // constant
        ...
        peerCertificates []*x509.Certificate

Access to this field/value would basically solve everything for me as the current connection is basically a blackbox (probably rightfully so, because less access means fewer ways to mess it up).
My question is: would it make sense to propose a code addition where I could obtain these certificates or is there any potentially negative consequence to providing the certs that I’m not seeing? This could be similar to the function RemoteAddr() provided by the net.Connection interface... Alternatively, is there another module/package that solves this?


--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/35a1d230-a803-46bb-92f6-2e0242f8ae03n%40googlegroups.com.
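The one-liner above (tls.Conn.ConnectionState().PeerCertificates) is the whole answer, but two things bite in practice: after Accept() the handshake may not have run yet, so ConnectionState() is empty until you call Handshake() or Read(); and PeerCertificates holds whatever the client sent, verified or not, so the server must also look at VerifiedChains (nil unless ClientAuth is VerifyClientCertIfGiven or RequireAndVerifyClientCert) before trusting the subject. The program below is an added example written for this reply, not code from the thread or from the Go project. It assumes a loopback server on 127.0.0.1 with ClientAuth: tls.VerifyClientCertIfGiven and uses throwaway self-signed ECDSA certificates generated in-process (the selfSigned helper, clientIdentity and run are names chosen here); a real deployment loads CA-issued certificates from disk.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway self-signed ECDSA certificate for this example
// (a real deployment loads CA-issued certificates); it panics on failure.
func selfSigned(cn string) (tls.Certificate, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // lets the client verify 127.0.0.1
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf
}

// clientIdentity is the server-side check the thread asks about: force the
// handshake so ConnectionState is populated, then read PeerCertificates. The
// second result is whether crypto/tls verified the chain against ClientCAs
// (VerifiedChains stays empty under RequestClientCert, which never verifies).
func clientIdentity(conn *tls.Conn) (string, bool, error) {
	if err := conn.Handshake(); err != nil {
		return "", false, err
	}
	cs := conn.ConnectionState()
	if len(cs.PeerCertificates) == 0 {
		return "", false, nil // client connected without a certificate
	}
	return cs.PeerCertificates[0].Subject.CommonName, len(cs.VerifiedChains) > 0, nil
}

// run starts an optional-mTLS loopback server, connects one client, and reports what the server saw.
func run(withClientCert bool) (string, bool, error) {
	serverCert, serverLeaf := selfSigned("server")
	clientCert, clientLeaf := selfSigned("client")
	clientCAs, serverCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(clientLeaf)
	serverCAs.AddCert(serverLeaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.VerifyClientCertIfGiven, // optional mTLS: verify only if presented
		ClientCAs:    clientCAs,
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", false, err
	}
	defer ln.Close()
	cn, verified := "", false
	done := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			done <- err
			return
		}
		defer c.Close()
		cn, verified, err = clientIdentity(c.(*tls.Conn))
		done <- err
	}()
	cfg := &tls.Config{RootCAs: serverCAs, MinVersion: tls.VersionTLS12}
	if withClientCert {
		cfg.Certificates = []tls.Certificate{clientCert}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg) // Dial runs the handshake
	if err != nil {
		return "", false, err
	}
	defer conn.Close()
	if err := <-done; err != nil {
		return "", false, err
	}
	return cn, verified, nil
}
```

run(true) yields CN "client" with verified == true; run(false) yields an empty CN with verified == false, which is exactly the "did the client actually use a certificate" signal the question asks for, obtained without touching the unexported field. If you only need the certificate and not the optional behaviour, RequireAndVerifyClientCert makes the handshake itself fail when no acceptable certificate is presented.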