I gave up and just call something like the verify example in the x509
package from the secure functions.
https://golang.org/pkg/crypto/x509/#Certificate.Verify
It's not the optimum or what I wanted, but it's better than calling
exec.Command("openssl...")
Regards
-Ismael
El vie., 19 de oct. de 2018 a la(s) 08:10, Ismael Farfan
([email protected]) escribió:
>
> Hello everyone
>
> I'm a little bit in a loss on how to do this, I want to do what this guy does
> in this post using RequireAndVerifyClientCert, but with gRPC:
>
> "Getting the Server to Trust the Client"
> https://ericchiang.github.io/post/go-tls/
>
> I already have CA root and key (pem) files in the server.
> Potential users can create Certificate Sign Requests with "openssl req
> -new...."
> I can sign / approve / provide temporary CSR with "openssl x509 -req...."
> I can check that certs are valid and haven't _expired_ with "openssl
> verify...."
>
>
> So the question is:
> How can I make it so that only clients connecting with a certificate signed
> with the root CA can call [some] functions?
>
>
> If it's to much o a pain to restrict only some functions, restricting the
> whole gRPC server also works for me.
>
> The authentication overview guide says it's possible to extend or customize
> authentication methods, but it seems like such means
> (MetadataCredentialsPlugin) aren't available in golang yet.
> https://grpc.io/docs/guides/auth.html
>
> Any ideas?
> -Ismael
>
> --
> You received this message because you are subscribed to the Google Groups
> "grpc.io" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/grpc-io.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/grpc-io/48e78671-f576-4823-a2a4-b87ca053ed9e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Do not let me induce you to satisfy my curiosity, from an expectation,
that I shall gratify yours. What I may judge proper to conceal, does
not concern myself alone.
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/CANXECd6Azce8RytxuT2e2VReNn3TjAba-h-4RNDXO4iz5W%3DfkQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
