How the Go language HTTP server verifies the contents of a client-side certificate

Source: Internet
Author: User

The previous article, "Go language for two-way TLS certified Rest Service", described how to implement the client and server sides of two-way TLS authentication. This article shows how to obtain the contents of the client certificate on the server side.

For example, how to obtain the Subject attribute of the certificate.

    package main

    import (
        "encoding/json"
        "net/http"
    )

    func myHandler(w http.ResponseWriter, r *http.Request) {
        if !validRequest(r) {
            res := map[string]string{"Error": http.StatusText(http.StatusUnauthorized)}
            b, _ := json.Marshal(res)
            // Headers must be set before WriteHeader, otherwise they are not sent.
            w.Header().Set("Content-Type", "application/json")
            w.WriteHeader(http.StatusUnauthorized)
            w.Write(b)
        } else {
            // Normal call flow ...
        }
    }

    // validRequest reports whether the client presented a non-CA certificate
    // whose subject common name is "Guest".
    func validRequest(r *http.Request) bool {
        if r.TLS != nil {
            for _, cert := range r.TLS.PeerCertificates {
                if !cert.IsCA {
                    // Do something with the cert, for example:
                    // signature := cert.Signature
                    // issuer := cert.Issuer
                    subject := cert.Subject
                    if subject.CommonName == "Guest" {
                        return true
                    }
                }
            }
        }
        return false
    }

This example adds a validRequest step at the entry of the handler function to check some of the properties of the client certificate. Here it checks that the subject common name is Guest and returns an error if it is not.
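The following is an added example, not code from the original article. r.TLS.PeerCertificates holds whatever the client sent and is only trustworthy when the server's tls.Config verifies client certificates, so this variant reads the leaf of r.TLS.VerifiedChains and fails closed when no chain was built. The names serverTLS, verifiedCN, requireCN and statusFor are hypothetical, and the certificates in statusFor are constructed in memory.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// serverTLS makes crypto/tls reject clients whose certificate does not chain to clientCAs.
func serverTLS(clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs}
}

// verifiedCN returns the CN of the verified client leaf; it fails closed without a chain.
func verifiedCN(cs *tls.ConnectionState) (string, bool) {
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return "", false
	}
	leaf := cs.VerifiedChains[0][0] // element 0 of a chain is the client's own certificate
	return leaf.Subject.CommonName, !leaf.IsCA
}

// requireCN (hypothetical middleware) answers 401 unless the verified CN equals cn.
func requireCN(cn string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if got, ok := verifiedCN(r.TLS); !ok || got != cn {
			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through requireCN("Guest"), without a network.
func statusFor(cn string, verified bool) int {
	cert := &x509.Certificate{Subject: pkix.Name{CommonName: cn}} // constructed sample
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
	if verified { // false models a certificate that was sent but never chain-verified
		req.TLS.VerifiedChains = [][]*x509.Certificate{{cert}}
	}
	rec := httptest.NewRecorder()
	requireCN("Guest", http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(statusFor("Guest", true), statusFor("Guest", false), statusFor("Other", true)) }
```

Pass the result of serverTLS as the TLSConfig of the http.Server that serves the handler wrapped by requireCN.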

For more information about the certificate, please refer to the following:
https://golang.org/pkg/crypto/x509/#Certificate
