There is a server:
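package main

import (
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"
	"net"
)

var sslkey string = "cert.key"
var sslcert string = "cert.pem"

// handleConnection serves one accepted connection: every message read from
// conn is answered with "PONG" until a read or write error ends the loop.
// The message payload itself is not inspected.
func handleConnection(conn net.Conn) {
	defer conn.Close()
	buf := make([]byte, 16384)
	for {
		if _, err := conn.Read(buf); err != nil {
			// io.EOF (peer closed) lands here too and is logged like any other error.
			log.Printf("server: conn: read: %s", err)
			break
		}
		// The original discarded Write's result and re-tested the stale read
		// error, so a failed write was never noticed.
		if _, err := conn.Write([]byte("PONG")); err != nil {
			log.Printf("server: write: %s", err)
			break
		}
	}
	// To inspect the verified client certificate, assert conn.(*tls.Conn) and
	// read ConnectionState().PeerCertificates (guard against an empty slice).
	log.Println("server: conn: closed ip:", conn.LocalAddr())
}

// main loads a DER-encoded certificate (ya.pem) and PKCS#1 RSA key (ya.key),
// then listens with a TLS configuration that requires every client to present
// a certificate that verifies against that same certificate.
func main() {
	// x509.ParseCertificate and x509.ParsePKCS1PrivateKey take DER, not PEM:
	// despite its name, ya.pem must hold raw DER bytes (no PEM decoding is done).
	certDER, err := ioutil.ReadFile("ya.pem")
	if err != nil {
		log.Fatalf("server: read ya.pem: %v", err)
	}
	ca, err := x509.ParseCertificate(certDER)
	if err != nil {
		log.Fatalf("server: parse ya.pem: %v", err)
	}
	keyDER, err := ioutil.ReadFile("ya.key")
	if err != nil {
		log.Fatalf("server: read ya.key: %v", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(keyDER)
	if err != nil {
		log.Fatalf("server: parse ya.key: %v", err)
	}

	// The same self-signed certificate is the server's own certificate and
	// the only trusted issuer of client certificates.
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	cert := tls.Certificate{
		Certificate: [][]byte{certDER},
		PrivateKey:  priv,
	}

	config := tls.Config{
		// The original wrote the literal 4, which is this constant's value.
		// The name says what is enforced: the client must send a certificate
		// AND it must verify against ClientCAs, otherwise the handshake is rejected.
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{cert},
		ClientCAs:    pool,
		Rand:         rand.Reader, // already the default; kept from the original
		MinVersion:   tls.VersionTLS12,
	}

	listener, err := tls.Listen("tcp", "192.168.0.130:8080", &config)
	if err != nil {
		log.Println(err)
		return
	}
	defer listener.Close()

	for {
		conn, err := listener.Accept()
		if err != nil {
			// The original panicked here and then had an unreachable `continue`.
			log.Fatalf("server: accept: %v", err)
		}
		go handleConnection(conn)
	}
}
And the client: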
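// main opens a mutually authenticated TLS connection to the server, sends one
// "00:" message and logs the reply. ya.pem / ya.key (raw DER, not PEM) serve
// both as the client certificate and as the trust anchor for the server.
func main() {
	certDER, err := ioutil.ReadFile("ya.pem")
	if err != nil {
		log.Fatalf("client: read ya.pem: %v", err)
	}
	ca, err := x509.ParseCertificate(certDER)
	if err != nil {
		log.Fatalf("client: parse ya.pem: %v", err)
	}
	keyDER, err := ioutil.ReadFile("ya.key")
	if err != nil {
		log.Fatalf("client: read ya.key: %v", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(keyDER)
	if err != nil {
		log.Fatalf("client: parse ya.key: %v", err)
	}

	pool := x509.NewCertPool()
	pool.AddCert(ca)
	cert := tls.Certificate{
		Certificate: [][]byte{certDER},
		PrivateKey:  priv,
	}
	// The original did fmt.Println(cert): that writes the private key to
	// stdout. Never print or log a tls.Certificate.

	config := tls.Config{
		Certificates: []tls.Certificate{cert},
		// ClientAuth and ClientCAs are server-side fields; tls.Dial ignores them.
		// InsecureSkipVerify is replaced by a real trust anchor, so the server's
		// certificate must contain 192.168.0.130 as an IP SAN (or set ServerName
		// to a DNS name it carries) — TODO confirm how ya.pem was generated.
		RootCAs:    pool,
		MinVersion: tls.VersionTLS12,
	}
	// NOTE(review): Go presumably sends a client certificate only when its
	// issuer is among the CAs the server advertises from ClientCAs; for a
	// self-signed certificate that is its own subject, so the very same ya.pem
	// must be in use on both sides — verify against the generation commands.
	conn, err := tls.Dial("tcp", "192.168.0.130:8080", &config)
	if err != nil {
		log.Fatalf("client: dial: %s", err)
	}
	defer conn.Close()

	message := "00:"
	// The original ignored both the write and the read error.
	if _, err := io.WriteString(conn, message); err != nil {
		log.Fatalf("client: write: %s", err)
	}
	reply := make([]byte, 1000)
	n, err := conn.Read(reply)
	if err != nil {
		log.Fatalf("client: read: %s", err)
	}
	log.Printf("client: read %q (%d bytes)", string(reply[:n]), n)
}
Certificate key and pem file in binary form: (Piece)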
2559 802b c383 d3b3 0043 d59f 3aa7 529d 13ed 6e63 24c0 0d6e c0c7 ada3 4af0 71d6 0d26 bfee 54bd e875 d165 05b0 8665 67b5 As a result, on the server I get: "client didn't provide a certificate". I have already tried adding the certificate to the pool on both sides (although it is not necessary on the client). What else could be the problem?
reply2 is declared and not used. Also, I recommend removing the commented-out code and posting the commands you used to generate ya.pem and ya.key. - Ainar-G