Categorygithub.com/mjwhitta/websocket_client_cert
modulepackage
0.0.0-20240708164352-bf94d08f0633
Repository: https://github.com/mjwhitta/websocket_client_cert.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
9
Dependents
0
Files
176 SLOC

# README

Websockets using TLS client certificates

Yum

This repo contains sample code for a server and a client that use and enforce TLS client certificates. The server uses a certificate chain in pki/pems/localhost.chain.pem. This chain also contains the top-level CA which signed the client certificates. The client then uses the pki/pems/user.client.pem which contains both the certificate and key for that user. The interesting TLS related bits are summarized in the below sections.

Server

import (
    "crypto/tls"
    "crypto/x509"
    "io/ioutil"
)

...

var e error
var pem []byte
var pemFile = "pki/pems/localhost.chain.pem"
var pool *x509.CertPool = x509.NewCertPool()
var tcfg *tls.Config

// Read in server + CA chain
if pem, e = ioutil.ReadFile(pemFile); e != nil {
    ...
}

// Add certs to pool
if !pool.AppendCertsFromPEM(pem) {
    ...
}

// Require client certificates for connections
tcfg = &tls.Config{
    ClientAuth: tls.RequireAndVerifyClientCert,
    ClientCAs:  pool,
}

...

Client

import "crypto/tls"

...

var e error
var pem tls.Certificate
var pemFile = "pki/pems/user.client.pem"
var tcfg *tls.Config

// Read in x509 PEM certificate (cert + key)
if pem, e = tls.LoadX509KeyPair(pemFile, pemFile); e != nil {
    ...
}

// Use client cert for connections but skip verification b/c
// self-signed CA
tcfg = &tls.Config{
    Certificates:       []tls.Certificate{pem},
    InsecureSkipVerify: true,
}

...