crypto/tls: client authentication is broken #2521
Owner changed to @bradfitz. Status changed to Accepted.
This bug has too much stuff in it, so let me try to break this down.
1) The server side cannot be instructed to require certs.
I'm not sure the server's the right place for this. This can be done with a custom handler wrapping a Handler.
2) It [the server] cannot be given a list of roots to give to the client.
I'm not sure what this means. I've never used this part of TLS. Jeff, Adam?
3) The client side does not choose certificates according to the incoming trust list.
Does this logic exist elsewhere in the crypto/tls package? Is the http.Transport.TLSClientConfig just not being used somewhere it should be?
4) The marshalling/unmarshalling of the certificateRequest message is wrong, meaning that it only works in the case where the server elects to send no trust list.
This sounds like a bug. More details / repro test case?
Status changed to HelpWanted.
This guy sent me a partial patch which I promised to look at, but which then scrolled off the bottom of my email. Will do tomorrow. Owner changed to @agl. Status changed to Assigned.
This is the CL, I am currently working on it: http://golang.org/cl/5448093/ I've adjusted for agl's proposed API, and am now making test cases for it.
This issue was closed by revision c581ec4. Status changed to Fixed.
mikioh changed the title from "tls client authentication is broken" to "crypto/tls: client authentication is broken" on Jan 14, 2015
FiloSottile pushed a commit to FiloSottile/go that referenced this issue on Oct 12, 2018
Fix incorrect marshal/unmarshal of certificateRequest.
Add support for configuring client-auth on the server side.
Fix the certificate selection in the client side.
Update generate_cert.go to new time package
Fixes golang#2521.
R=krautz, agl, bradfitz
CC=golang-dev, mikkel
https://golang.org/cl/5448093
This issue was closed.
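Points 1 to 3 of the breakdown above (a server that requires client certificates, advertises its trust list, and a client that selects a certificate against that list), as an added example that is not part of the issue or the CL. It uses the crypto/tls API of current Go, which may differ from the API at the time of the fix; the helper names `selfSigned` and `handshake`, the self-signed throwaway certificates and the TLS 1.2 pin are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway cert (constructed test data) that is its own trust anchor.
func selfSigned(cn string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake returns the number of CA names in the server's CertificateRequest and the server-side error.
func handshake(srv, trusted tls.Certificate, client *tls.Certificate) (names int, err error) {
	roots, clientCAs := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(srv.Leaf)
	clientCAs.AddCert(trusted.Leaf)
	sc, cc := net.Pipe()
	done := make(chan error, 1)
	go func() { // server side; TLS 1.2 pinned only to keep the in-memory pipe lock-step
		done <- tls.Server(sc, &tls.Config{Certificates: []tls.Certificate{srv}, MaxVersion: tls.VersionTLS12,
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs}).Handshake()
	}()
	tls.Client(cc, &tls.Config{RootCAs: roots, ServerName: "localhost",
		GetClientCertificate: func(r *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			if names = len(r.AcceptableCAs); client != nil && r.SupportsCertificate(client) == nil {
				return client, nil // issuer is on the server's advertised list
			}
			return &tls.Certificate{}, nil // nothing acceptable: send no certificate
		}}).Handshake()
	return names, <-done
}

func main() {
	srv, cli := selfSigned("server"), selfSigned("client")
	fmt.Println(handshake(srv, cli, &cli))
}
```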
by jeff.allen: