Thanks, I'll give it a try : )

On Monday, October 22, 2018, 8:21:02 (UTC-5), Evan Jones wrote:
>
> I think the built-in NewServerTLSFromCert should do what you want. See
> the example here:
> https://grpc.io/docs/guides/auth.html#with-server-authentication-ssltls
>
> Or the raw API docs:
> https://godoc.org/google.golang.org/grpc/credentials#NewServerTLSFromCert
>
> The gRPC documentation isn't super clear about how you should use these,
> but if the default configuration doesn't do what you want, you can call
> NewTLS with your own tls.Config that contains the options you want (e.g.
> the root certificate that you want to trust, etc).
>
> Hope that helps,
>
> Evan Jones
>
> On Friday, October 19, 2018 at 4:50:19 PM UTC-4, Ismael Farfan wrote:
>>
>> I gave up and just call something like the verify example in the x509
>> package from the secure functions.
>> https://golang.org/pkg/crypto/x509/#Certificate.Verify
>>
>> It's not the optimum or what I wanted, but it's better than calling
>> exec.Command("openssl...")
>>
>> Regards
>> -Ismael
>>
>> On Fri, Oct 19, 2018 at 08:10, Ismael Farfan ([email protected]) wrote:
>> >
>> > Hello everyone
>> >
>> > I'm a little bit at a loss on how to do this, I want to do what this
>> > guy does in this post using RequireAndVerifyClientCert, but with gRPC:
>> >
>> > "Getting the Server to Trust the Client"
>> > https://ericchiang.github.io/post/go-tls/
>> >
>> > I already have CA root and key (pem) files in the server.
>> > Potential users can create Certificate Sign Requests with "openssl req -new...."
>> > I can sign / approve / provide temporary CSR with "openssl x509 -req...."
>> > I can check that certs are valid and haven't _expired_ with "openssl verify...."
>> >
>> > So the question is:
>> > How can I make it so that only clients connecting with a certificate
>> > signed with the root CA can call [some] functions?
>> >
>> > If it's too much of a pain to restrict only some functions, restricting
>> > the whole gRPC server also works for me.
>> >
>> > The authentication overview guide says it's possible to extend or
>> > customize authentication methods, but it seems like such means
>> > (MetadataCredentialsPlugin) aren't available in golang yet.
>> > https://grpc.io/docs/guides/auth.html
>> >
>> > Any ideas?
>> > -Ismael
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "grpc.io" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> > To post to this group, send email to [email protected].
>> > Visit this group at https://groups.google.com/group/grpc-io.
>> > To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/48e78671-f576-4823-a2a4-b87ca053ed9e%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> Do not let me induce you to satisfy my curiosity, from an expectation,
>> that I shall gratify yours. What I may judge proper to conceal, does
>> not concern myself alone.
