net/http: Client cert auth with TLSClientConfig Certificates is not working while using GetCertificates works #34258
Comments
Thank you for the report @stlaz and welcome to the Go project! Kindly pinging a crypto expert @FiloSottile to take a look since this involves an interactions
I think I found an issue in our server which behaves quite extraordinarily and won't properly advertise all the CA names for client cert authentication. This explains why forcing certain client certs in Therefore this is not a bug. Sorry!
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
it does reproduce with the latest Go version in Arch which usually corresponds to the latest release
What operating system and processor architecture are you using (go env)?
What did you do?
I was writing a simple client with client cert authentication. My server allows for this kind of auth along with other possible authentication options. I followed the docs by specifying the Certificates field for the transport's TLSClientConfig as so: https://play.golang.org/p/il0hsOJ-3UG
In this case, however, the cert and key were ignored for the authentication and since the server handles unauthenticated requests by redirecting somewhere else, this redirect indeed happened.
When I changed setting the Certificates field to instead use the GetClientCertificates, stuff started working and my server was correctly reacting to my client cert authentication attempts. The new, working code: https://play.golang.org/p/llosiOPNNGe
What did you expect to see?
I expected the Certificates field to be still working for client cert auth
What did you see instead?
cert/key pair were ignored, no client auth was attempted
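The mechanism behind the closing comment, as an added example that is not code from this thread or from the Go project: crypto/tls (Go 1.14 or later assumed) sends a chain from Certificates only when the server's CertificateRequest is compatible with it, while a certificate returned by GetClientCertificate is sent as-is. The helpers selfSigned, request and diagnose are hypothetical names, and the certificates and requests are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"log"
	"math/big"
	"time"
)

// selfSigned returns a constructed throwaway certificate (issuer == subject == cn).
func selfSigned(cn string) tls.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// request builds a constructed CertificateRequest advertising the given CA names (DER DNs).
func request(cas ...[]byte) *tls.CertificateRequestInfo {
	return &tls.CertificateRequestInfo{AcceptableCAs: cas, Version: tls.VersionTLS13,
		SignatureSchemes: []tls.SignatureScheme{tls.Ed25519}}
}

// diagnose logs why Config.Certificates would have skipped cert, then sends it anyway.
func diagnose(cert tls.Certificate) func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	return func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
		if err := cri.SupportsCertificate(&cert); err != nil {
			log.Printf("server advertised %d CA names, none usable: %v", len(cri.AcceptableCAs), err)
		}
		return &cert, nil
	}
}

func main() {
	client, other := selfSigned("constructed-client-ca"), selfSigned("constructed-other-ca")
	_, _ = diagnose(client)(request(other.Leaf.RawIssuer)) // logs the mismatch, still returns client
}
```

Setting `GetClientCertificate: diagnose(cert)` in the transport's TLSClientConfig logs the server-side CA list mismatch during a real handshake, which is the condition the reporter eventually traced to the server.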