You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Line 207 compares RawIssuer to the Leaf:
http://golang.org/src/pkg/crypto/tls/handshake_client.go#L207
When you have an Intermediate CA this fails. The RawIssuer should be compared to the
"Head" certificate, not the "Leaf". Line 207 should be:
if leaf, err = x509.ParseCertificate(cert.Certificate[len(cert.Certificate)-1]); err !=
nil {
Assuming the chain looks like this:
Root CA -> Intermediate CA -> Client Cert
The server has the "Root CA" in tls.Config.ClientCAs. The client has
"Client Cert | Intermediate CA" concated in the same file, loaded with
tls.LoadX509KeyPair (which ensures index 0, "Client Cert", matches the private
key, as it should).
The text was updated successfully, but these errors were encountered:
The text was updated successfully, but these errors were encountered: