Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement the VerifyPeerCertificate mint.Config option #172

Merged
merged 2 commits into from
Feb 1, 2018
Merged

implement the VerifyPeerCertificate mint.Config option #172

merged 2 commits into from
Feb 1, 2018

Conversation

marten-seemann
Copy link
Collaborator

@marten-seemann marten-seemann commented Jan 29, 2018
edited
Loading

Depends on #170. Replaces #163.

This PR replaces the Config.AuthCertificate with a Config.VerifyPeerCertificate. The purpose of both methods is similar (although AuthCertificate never actually worked). VerifyPeerCertificate is supposed to work exactly like the tls.Config.VerifyPeerCertificate in the standard library.

Note that currently for the server, the verifiedChains argument for VerifyPeerCertificate is always nil. This is consistent with the way we implement client auth (by just requiring the client so send any certificate), which is one of the ways the Go standard library allows client certificate verification. I created #171 to track this, and I'll be happy to contribute some code to resolve this issue in the future.

The code was taken from the Go standard library:

@marten-seemann marten-seemann mentioned this pull request Jan 29, 2018
Merged
@bifurcation bifurcation merged commit 189694f into bifurcation:master Feb 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bifurcation bifurcation bifurcation approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marten-seemann @bifurcation