Hi Gophers! Is there a way to get the subject of a client cert when the TLS handshake fails? We are getting spammed with TLS handshake errors and there is no easy way to see what clients are trying to authenticate. The remote address in the log is the load balancer IP. Ideally, we’d like to log the client cert subject when TLS handshake fails.
http: TLS handshake error from 10.x.x.x:12345: tls: failed to verify client certificate http: TLS handshake error from 10.x.x.x:12345: tls: client didn't provide a certificate caCert, _ := ioutil.ReadFile("ca.crt") caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) tlsConfig := &tls.Config{ ClientCAs: caCertPool, ClientAuth: tls.RequireAndVerifyClientCert, } tlsConfig.BuildNameToCertificate() r := mux.NewRouter() r.HandleFunc("/", client.DefaultHandler) server := &http.Server{ Addr: ":9443", TLSConfig: tlsConfig, Handler: r, } server.ListenAndServeTLS("server.crt", "server.key") -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/7af5b0d4-efcb-4a6c-82d5-13da1a1e0bd8n%40googlegroups.com.