tls.Config.VerifyPeerCertificate should have serverHandshakeState or tls.Conn argument #29895
Comments
Which information from
FiloSottile added the WaitingForInfo label Jan 23, 2019
FiloSottile added this to the Go1.13 milestone Jan 23, 2019
The client IP address would be sufficient. I want to compare the connecting IP to the IP in the client certificate SAN field.
It's not the easiest thing, but you can use tls.Config already has too many callbacks, so if something is doable with
FiloSottile closed this Jan 23, 2019
I can make that work, but is that more efficient/better than changing the method signature for
to
Either way, I appreciate your help and your time.
We can't change exported signatures to respect the Go 1 Compatibility Promise.
LivingInSyn commented Jan 23, 2019
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
I want to be able to validate a client certificate's hostname on a TLS server with ClientAuth: tls.RequireAndVerifyClientCert, set on the server tls.Config by using the VerifyPeerCertificate method.
What did you expect to see?
I expected the serverHandshakeState or tls.Conn from the serverHandshakeState to be passed to the VerifyPeerCertificate method.
What did you see instead?
No connection information is passed to the VerifyPeerCertificate method.
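
Added example (not code from this thread or from the Go project): one way to compare the connecting IP with the client certificate's IP SANs using the existing crypto/tls API, by having GetConfigForClient give each connection its own Config whose VerifyPeerCertificate closes over the peer address. The helper names verifyForPeer and withPeerIPCheck are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
)

// verifyForPeer returns a VerifyPeerCertificate callback bound to one
// connection's remote address (hypothetical helper, not part of crypto/tls).
func verifyForPeer(remote net.Addr) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		tcp, ok := remote.(*net.TCPAddr)
		if !ok {
			return fmt.Errorf("peer address %v is not TCP", remote)
		}
		if len(chains) == 0 || len(chains[0]) == 0 {
			return errors.New("no verified client certificate chain")
		}
		for _, ip := range chains[0][0].IPAddresses { // IP SANs of the leaf
			if ip.Equal(tcp.IP) {
				return nil
			}
		}
		return fmt.Errorf("peer %v not in client certificate IP SANs", tcp.IP)
	}
}

// withPeerIPCheck (hypothetical helper) wraps base so that every handshake
// gets its own Config clone whose callback knows the connecting address.
func withPeerIPCheck(base *tls.Config) *tls.Config {
	outer := base.Clone()
	outer.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		cfg := base.Clone()
		cfg.VerifyPeerCertificate = verifyForPeer(hello.Conn.RemoteAddr())
		return cfg, nil
	}
	return outer
}

func main() {
	cfg := withPeerIPCheck(&tls.Config{ClientAuth: tls.RequireAndVerifyClientCert})
	fmt.Println("per-connection verification installed:", cfg.GetConfigForClient != nil)
}
```

The crypto/tls documentation states that VerifyPeerCertificate is not invoked on resumed connections, so set SessionTicketsDisabled on the base Config if the check must run on every connection.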