Hello. Is there some way to configure Server TLS so that when it is verifying a client certificate it can call out to my own function when the client certificate is not found in the server’s tls.Config ClientCAs x509.CertPool?
Poking around in the Go source I can see it gets to certs[0].Verify(opts) in go/handshake_server.go at master · golang/go · GitHub, and in Verify it calls if opts.Roots.contains(c), and in the contains function what I need is some way to have some custom code if s.havesum is false - go/cert_pool.go at 527ace0ffa81d59698d3a78ac3545de7295ea76b · golang/go · GitHub
What I’m trying to do is have the Server accept clients using self-signed certificates that are registered in our backend database.
Thanks for any comments.
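Added example (not part of the post above, and not code from the Go project): the hook the post is looking for already exists in crypto/tls without touching cert_pool.go. Setting ClientAuth to tls.RequireAnyClientCert makes the server demand a client certificate but skip the ClientCAs chain check, and tls.Config.VerifyPeerCertificate is then called during the handshake with the raw certificates the client sent, so the server can make its own decision. The ClientRegistry type, its in-memory fingerprint map standing in for the backend database, and the NewSelfSignedCert helper are assumptions made for this example. The check pins the SHA-256 of the whole certificate, rejects expired or not-yet-valid certificates, and confirms the certificate really is signed by the key it carries.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// ClientRegistry stands in for the backend database from the post. It maps the
// SHA-256 fingerprint of a registered client certificate (DER bytes) to a client
// ID. Constructed for this example; a real server would query its database here.
type ClientRegistry struct {
	mu   sync.RWMutex
	byFP map[string]string
}

func NewClientRegistry() *ClientRegistry {
	return &ClientRegistry{byFP: map[string]string{}}
}

// Fingerprint returns the hex SHA-256 of a DER-encoded certificate. Pinning the
// whole certificate rather than the subject name means a second self-signed
// certificate carrying the same CommonName is still rejected.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

func (r *ClientRegistry) Register(der []byte, clientID string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.byFP[Fingerprint(der)] = clientID
}

func (r *ClientRegistry) Lookup(fp string) (string, bool) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	id, ok := r.byFP[fp]
	return id, ok
}

// VerifyRegisteredClient is the custom code the post asks for. Installed as
// tls.Config.VerifyPeerCertificate it runs during the handshake with the raw
// certificates the client presented (leaf first). With RequireAnyClientCert Go
// performs no ClientCAs chain verification, so verifiedChains is empty and the
// acceptance decision is made entirely here.
func (r *ClientRegistry) VerifyRegisteredClient(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return errors.New("client presented no certificate")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return fmt.Errorf("parse client certificate: %w", err)
	}
	now := time.Now()
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return errors.New("client certificate is outside its validity period")
	}
	// Confirm the certificate is signed by the key it carries, so a registered
	// DER blob with a tampered body is not accepted.
	if err := leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature); err != nil {
		return fmt.Errorf("client certificate signature does not verify: %w", err)
	}
	fp := Fingerprint(rawCerts[0])
	if _, ok := r.Lookup(fp); !ok {
		return fmt.Errorf("client certificate %s... is not registered", fp[:16])
	}
	return nil
}

// ServerTLSConfig requests a client certificate but delegates acceptance to the
// callback above instead of tls.Config.ClientCAs.
func (r *ClientRegistry) ServerTLSConfig(serverCert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:          []tls.Certificate{serverCert},
		MinVersion:            tls.VersionTLS12,
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: r.VerifyRegisteredClient,
	}
}

// NewSelfSignedCert builds a throwaway self-signed client certificate in memory
// (constructed test data) so the example runs without any files.
func NewSelfSignedCert(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	reg := NewClientRegistry()
	known, _ := NewSelfSignedCert("device-1")
	unknown, _ := NewSelfSignedCert("device-2")
	reg.Register(known, "device-1")
	fmt.Println("registered cert:", reg.VerifyRegisteredClient([][]byte{known}, nil))
	fmt.Println("unregistered cert:", reg.VerifyRegisteredClient([][]byte{unknown}, nil))
}
```

The same callback also works from tls.Config.VerifyConnection, which receives a tls.ConnectionState and is the better choice if the decision should also depend on SNI or the negotiated protocol. Whichever hook is used, the registry lookup is the only thing standing between an attacker-minted self-signed certificate and an accepted connection, so registration itself should be an authenticated, audited operation and lookups should be logged.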