Hi,
I’m experiencing a weird problem with a Go client accessing an Apache SSL server. I need to authenticate my client with my X509 certificates. Here is the client code:
    import (
        "crypto/tls"
        "crypto/x509"
        "io/ioutil"
        "net/http"
        "os"
    )

    // helper function to create a client
    func HttpClient() *http.Client {
        // paths to the client key and certificate come from the environment
        uckey := os.Getenv("X509_USER_KEY")
        ucert := os.Getenv("X509_USER_CERT")
        cert, err := tls.LoadX509KeyPair(ucert, uckey)
        if err != nil {
            panic(err.Error())
        }
        certs := []tls.Certificate{cert}
        // root CA
        caCert, err := ioutil.ReadFile("my-grid-CA.pem")
        if err != nil {
            panic(err.Error())
        }
        caCertPool := x509.NewCertPool()
        caCertPool.AppendCertsFromPEM(caCert)
        // client certificate plus the CA pool used to verify the server
        tlsConfig := &tls.Config{Certificates: certs, RootCAs: caCertPool}
        tlsConfig.BuildNameToCertificate()
        tr := &http.Transport{TLSClientConfig: tlsConfig}
        return &http.Client{Transport: tr}
    }
Then I use the following code to make an HTTPS call:
    rurl := "MY_URL"
    req, _ := http.NewRequest("GET", rurl, nil)
    req.Header.Add("Accept-Encoding", "identity") // I setup other headers in a similar way
    client := HttpClient()
    resp, err := client.Do(req)
And I’m getting an authentication error because my client certificates are not propagated to the Apache server.
From the Apache server I found that mod_ssl extracts my server CA and creates SSL_SERVER_CERT and similar SSL_SERVER headers, but for client certificates it only creates
SSL_CLIENT_VERIFY: NONE
SSL_CLIENT_CERT:
and nothing else. If I use Python code or plain curl, I do see that Apache correctly identifies client certificates, extracts my DN, etc., i.e. it sets up SSL_CLIENT_S_DN and other headers, which are later used by the authentication code.
How can I dump, in Go code, the request along with the passed certificates? I used httputil.DumpRequestOut, but it does not print my certificates; it only provides info about request headers.
What else am I missing?
I would appreciate any help,
Valentin.