How the Go language HTTP server verifies the contents of a client-side certificate

This is a creation in Article, where the information may have evolved or changed.

In the previous article, "Go language for two-way TLS certified Rest Service" describes how to implement the client and server side of the two-way TLS authentication, here again how to obtain the content of the client certificate on the server side.

For example, how to obtain the subject attribute in the certificate.

  Package Mainimport ("Net/http" "Encoding/json") func MyHandler (w http. Responsewriter, R *http. Request) {if! Validrequest (r) {res: = map[string]string {"Error": http. StatusText (http. statusunauthorized)} B, _: = json. Marshal (RES) W.writeheader (http. statusunauthorized) W.header (). Set ("Content-type", "Application/json") W.write (b)} else {//Normal call flow ...}} Func validrequest (R *http. Request) bool {if r.tls! = Nil {for _, cert: = Range r.tls. peercertificates {if cert. IsCA = = False {//do something with the cert, for example://Signature: = Cert. Signature//issuer: = cert. Issuer Subject: = Cert. Subject if Subject. CommonName = = "Guest" {Return True}}} return false}  

In this example, add a validrequest step at the entrance of the handler function to verify some of the properties in the client certificate, such as in our example, to verify that subject common name is the guest, if not an error.

For more information about the certificate, please refer to the following:
https://golang.org/pkg/crypto/x509/#Certificate