Support for DTLS certificate export #103

Closed
vidavidorra opened this issue Mar 11, 2020 · 1 comment · Fixed by #106

Comments

@vidavidorra

I couldn't find this to be supported ATM, but how difficult would it be to support this or is this already supported?

I'm also still figuring out in pion/dtls how I can export certificates, so once that is figured out, this ticket should become more specific. Nonetheless, I figured creating a ticket here to see if anyone has done anything similar, and get the ball rolling once I've figured out how to export the certificate from pion/dtls.
After a first look (and I'm not sure whether this is indeed right until the dtls is figured out) it might mean that the dtls.Conn needs to be exposed somehow from coap.ListenAndServeDTLS.

@jdbruijn
Collaborator

jdbruijn commented Mar 24, 2020

I've got everything in the DTLS figured out, now need to find out how to do this in coap.
In pion/dtls I can now do the following to get the remote certificate, where conn is of type net.Conn.

```go
conn, err := listener.Accept()
util.Check(err)
// defer conn.Close() // TODO: graceful shutdown

dtlsConn := conn.(*dtls.Conn)
cert := dtlsConn.RemoteCertificate()
fmt.Println("Remote certificate: \n", cert)
```

I'm currently trying to get to know the go-coap codebase a little bit better. @jkralik do you have any pointers to get me started?
In the end I'd need to get the (DTLS) remote certificate in the handler functions (e.g. handleA in the DTLS server example).

I'm thinking to add a field for net.Conn to HandlerFunc or to Request. I've tried to understand it a bit and initially thought I'd be able to use req.Client.srv but req.Client only exposes its functions. When I logged req.Client I saw that srv is nil and only commander is set to a value (&{<nil> <nil> 0xc000201350 <nil> false}).
I'll keep looking further but would love some guidance on how to do this and in general whether you'd want something like this in the code. (I'd need it to pass the client certificates through to another process so I'd need to fork this or something if you don't want this in the code base).

BTW: I'm the same user as @vidavidorra, but am currently in the process of changing that to an organisation so from now on will be using this user.
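
Added example, not part of the original comments and not go-coap or pion/dtls code: one way to turn a connection's remote certificate into data a handler can forward to another process, using a checked type assertion so a non-DTLS connection or a peer without a certificate returns an error instead of panicking. The `certConn` interface, the return type of `RemoteCertificate()`, `ExportPeerCert`, `fakeConn` and `sampleConn` are assumptions for illustration; only the standard library is used.

```go
package main

import (
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"net"
)

// certConn is hypothetical: a net.Conn that can report the peer certificate.
// The method name follows the snippet above; its return type is an assumption.
type certConn interface {
	net.Conn
	RemoteCertificate() *x509.Certificate
}

// ExportPeerCert returns the peer certificate as PEM plus a hex SHA-256
// fingerprint of its DER bytes, or an error when no certificate is available.
func ExportPeerCert(conn net.Conn) (pemBytes []byte, fingerprint string, err error) {
	cc, ok := conn.(certConn)
	if !ok {
		return nil, "", errors.New("connection type exposes no remote certificate")
	}
	cert := cc.RemoteCertificate()
	if cert == nil || len(cert.Raw) == 0 {
		return nil, "", errors.New("peer presented no certificate")
	}
	sum := sha256.Sum256(cert.Raw)
	block := &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
	return pem.EncodeToMemory(block), hex.EncodeToString(sum[:]), nil
}

// fakeConn is a constructed stand-in for a DTLS connection.
type fakeConn struct {
	net.Conn
	cert *x509.Certificate
}

func (f fakeConn) RemoteCertificate() *x509.Certificate { return f.cert }

// sampleConn carries constructed placeholder bytes, not a real certificate.
func sampleConn() net.Conn {
	return fakeConn{cert: &x509.Certificate{Raw: []byte("constructed-der")}}
}

func main() {
	_, fp, err := ExportPeerCert(sampleConn())
	fmt.Println(fp, err)
}
```

The PEM bytes and fingerprint are plain values, so they can be attached to a request or written to a pipe without exposing the connection itself to handlers.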
