Hi Gophers! Is there a way to get the subject of a client cert when the TLS
handshake fails? We are getting spammed with TLS handshake errors and there
is no easy way to see what clients are trying to authenticate. The remote
address in the log is the load balancer IP. Ideally, we’d like to log the
client cert subject when TLS handshake fails.
http: TLS handshake error from 10.x.x.x:12345: tls: failed to verify client certificate
http: TLS handshake error from 10.x.x.x:12345: tls: client didn't provide a certificate
package main
import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net/http"
	"os"
	"github.com/gorilla/mux"
)
func main() {
	caCert, err := os.ReadFile("ca.crt") // ioutil.ReadFile is deprecated; don't drop the error
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatal("no CA certificates found in ca.crt")
	}
	tlsConfig := &tls.Config{
		ClientCAs:  caCertPool,
		ClientAuth: tls.RequireAndVerifyClientCert,
	}
	// BuildNameToCertificate is deprecated and unnecessary here, so it is dropped.
	r := mux.NewRouter()
	r.HandleFunc("/", client.DefaultHandler) // client: the poster's own handler package
	server := &http.Server{
		Addr:      ":9443",
		TLSConfig: tlsConfig,
		Handler:   r,
	}
	log.Fatal(server.ListenAndServeTLS("server.crt", "server.key"))
}
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/7af5b0d4-efcb-4a6c-82d5-13da1a1e0bd8n%40googlegroups.com.