How did I miss that?!  Awesome, thanks!

On Wed, Nov 20, 2019 at 4:17 AM Anthony Martin <al...@pbrane.org> wrote:

> Matthew Zimmerman <mzimmer...@gmail.com> once said:
> > I've also thought about authenticating on a different domain name
> > auth.service then redirecting to data.service or something like that where
> > the cookie would be issued to the *.service domain, however that's still
> > one tls.Config and using SNI with tls.Config.GetCertificate() and I don't
> > know of a way to change the tls.Config.ClientAuth for a server based upon
> > the SNI.
> >
> > Any ideas?
>
> % go doc crypto/tls Config.GetConfigForClient
> package tls // import "crypto/tls"
>
> type Config struct {
>     // GetConfigForClient, if not nil, is called after a ClientHello is received
>     // from a client. It may return a non-nil Config in order to change the Config
>     // that will be used to handle this connection. If the returned Config is nil,
>     // the original Config will be used. The Config returned by this callback may
>     // not be subsequently modified.
>     //
>     // If GetConfigForClient is nil, the Config passed to Server() will be used for
>     // all connections.
>     //
>     // Uniquely for the fields in the returned Config, session ticket keys will be
>     // duplicated from the original Config if not set. Specifically, if
>     // SetSessionTicketKeys was called on the original config but not on the
>     // returned config then the ticket keys from the original config will be copied
>     // into the new config before use. Otherwise, if SessionTicketKey was set in
>     // the original config but not in the returned config then it will be copied
>     // into the returned config before use. If neither of those cases applies then
>     // the key material from the returned config will be used for session tickets.
>     GetConfigForClient func(*ClientHelloInfo) (*Config, error)
>
>     // ... other fields elided ...
> }
> %
>
> Cheers,
>   Anthony
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/CAD53Lr4xM0esk0s3tacPRq99w%2BNkF2r4y5PBqf0uELp%2BDnqysw%40mail.gmail.com.
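
The approach pointed to in the quoted reply, written out as an added example (not code from the thread or from the Go project): `GetConfigForClient` picks the `ClientAuth` policy from the SNI name. The helper `newServerConfig`, the choice that `auth.service` is the host requiring a client certificate, and the fail-closed default for other names are assumptions of this sketch.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"strings"
)

// Host names come from the thread; which one demands a client certificate
// is an assumption of this example.
const (
	authHost = "auth.service"
	dataHost = "data.service"
)

// newServerConfig (hypothetical helper) returns a base tls.Config whose
// GetConfigForClient callback selects the client-certificate policy from
// the SNI name carried in the ClientHello.
func newServerConfig(cert tls.Certificate, clientCAs *x509.CertPool) *tls.Config {
	base := &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.NoClientCert,
	}
	// Build the mTLS variant once; a returned Config must not be modified later.
	mtls := base.Clone()
	mtls.ClientAuth = tls.RequireAndVerifyClientCert
	mtls.ClientCAs = clientCAs

	base.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		switch strings.ToLower(hello.ServerName) {
		case authHost:
			return mtls, nil
		case dataHost:
			return nil, nil // nil Config: keep using the base Config
		default:
			// Fail closed: an absent or unknown SNI name aborts the handshake.
			return nil, fmt.Errorf("tls: unexpected server name %q", hello.ServerName)
		}
	}
	return base
}

func main() {
	cfg := newServerConfig(tls.Certificate{}, x509.NewCertPool())
	for _, name := range []string{authHost, dataHost, "other.example"} { // constructed inputs
		c, err := cfg.GetConfigForClient(&tls.ClientHelloInfo{ServerName: name})
		fmt.Println(name, c != nil, err)
	}
}
```

Because the client chooses the SNI name, HTTP handlers behind this config should still confirm that `r.TLS.ServerName` matches `r.Host` and that `r.TLS.VerifiedChains` is non-empty before treating a request as certificate-authenticated.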
