Description
What version of Go are you using (go version
)?
$ go version go version go1.13 linux/amd64
Does this issue reproduce with the latest release?
it does reproduce with the latest Go version in Arch which usually corresponds to the latest release
What operating system and processor architecture are you using (go env
)?
go env
Output
$ uname -ar Linux some-hostname 5.2.13-arch1-1-ARCH #1 SMP PREEMPT Fri Sep 6 17:52:33 UTC 2019 x86_64 GNU/Linux $ go env GO111MODULE="" GOARCH="amd64" GOBIN="/home/__redacted__/go/bin" GOCACHE="/home/__redacted__/.cache/go-build" GOENV="/home/__redacted__/.config/go/env" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GONOPROXY="" GONOSUMDB="" GOOS="linux" GOPATH="/home/__redacted__/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/lib/go" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/lib/go/pkg/tool/linux_amd64" GCCGO="gccgo" AR="ar" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build789481132=/tmp/go-build -gno-record-gcc-switches"
What did you do?
I was writing a simple client with client cert authentication. My server allows for this kind of auth along with other possible authentication options. I followed the docs by specifying the Certificates
field for the transport's TLSClientConfig
as so:
https://play.golang.org/p/il0hsOJ-3UG
In this case, however, the cert and key were ignored for the authentication and since the server handles unauthenticated requests by redirecting somewhere else, this redirect indeed happened.
When I changed setting the Certificates
field to instead use the GetClientCertificates
, stuff started working and my server was correctly reacting to my client cert authentication attempts. The new, working code:
https://play.golang.org/p/llosiOPNNGe
What did you expect to see?
I expected the Certificates
field to be still working for client cert auth
What did you see instead?
cert/key pair were ignored, no client auth was attempted