Server:
// Trust anchors the server uses when validating client certificates.
pool := x509.NewCertPool()
pool.AddCert(rootCert)

// Server side of a mutual-TLS setup: the server authenticates itself with
// cert and requires every client to authenticate with a certificate too.
config := &tls.Config{
	// Protocol range pinned to TLS 1.3 only; older versions are refused.
	MinVersion: tls.VersionTLS13,
	MaxVersion: tls.VersionTLS13,

	// Certificate (and private key) presented to connecting clients.
	// The client checks the names in this certificate against the host it
	// dialled, so this certificate must carry the matching SAN entries.
	Certificates: []tls.Certificate{cert},

	// A client certificate is mandatory and must chain to a CA in ClientCAs;
	// the handshake fails otherwise.
	ClientAuth: tls.RequireAndVerifyClientCert,
	ClientCAs:  pool,
}
Client:
// Trust anchors for verifying the server. Only serverCert is added, so the
// client accepts a chain only if it ends at that one certificate.
pool := x509.NewCertPool()
pool.AddCert(serverCert)

// Client side of the mutual-TLS connection.
config := &tls.Config{
	// Name checked against the server certificate. Current Go releases match
	// it only against subjectAltName entries, never the Subject CN.
	// NOTE(review): "certificate is not valid for any names" means the
	// certificate the server actually presented has no SAN entries at all;
	// inspect the file the server loads with
	// `openssl x509 -in <server-cert.pem> -noout -text` to confirm.
	// NOTE(review): the "doesn't contain any IP SANs" error presumably comes
	// from a run where 127.0.0.1 was the verified name; that needs an
	// IP:127.0.0.1 SAN in the server certificate.
	ServerName: "localhost",
	RootCAs:    pool,

	// Client certificate sent to the server for mutual authentication.
	Certificates: []tls.Certificate{cert},

	// false is the zero value: certificate and host name verification stay on.
	// Fix the certificate's SANs rather than turning this off.
	InsecureSkipVerify: false,

	// NOTE(review): no MinVersion is set here, so TLS 1.3 is enforced only by
	// the server's configuration.
}
I generate the certificate with:
# Creates a self-signed certificate (-x509) in root.pem with CN=localhost and a
# single SAN entry, DNS:localhost. A client that verifies the address 127.0.0.1
# instead of the name needs an additional IP:127.0.0.1 SAN entry.
# -nodes leaves the private key unencrypted on disk. No -keyout is given, so
# the key goes to OpenSSL's configured default key file (typically
# privkey.pem) — confirm which key file the Go programs load.
$ openssl req -x509 -nodes -newkey rsa:2048 -out root.pem -subj "/CN=localhost" -addext "subjectAltName = DNS:localhost"
But I receive:
2023/06/10 11:40:58 tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match localhost
2023/06/10 11:32:21 tls: failed to verify certificate: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
How do I perform the handshake using a CA pool without getting these errors? Nothing I have tried works.
Thanks in advance.