Попытка перенести рабочий код Java с проверкой подлинности сертификата клиента https на golang, но при этом произошла ошибка tls handshake
go version go1.12.9 linux / amd64
сведения о сертификате клиента
openssl pkcs12 -info -in p12file.p12
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted dat..
Certificate bag
Bag Attributes
friendlyName: test
localKeyID:..
subject=CN = *....com
issuer=C = US, O = DigiCert Inc...
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidS...
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
....
рабочий код Java
url = new URL(https_url);
HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()));
//geting 405 status - so its working
able to establish https connection with this arg -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=./p12file.p12 -Djavax.net.ssl.keyStorePassword=password
проблема golang (удалена часть обработки ошибок)
fb, err := ioutil.ReadFile(p12file)
b, err := pkcs12.ToPEM(fb, password)
cert, err := tls.X509KeyPair(pem.EncodeToMemory(b[0]), pem.EncodeToMemory(b[2]))
//b[0] and b[1] is CERTIFICATE, b[2] is PRIVATE KEY, with 1&2 getting 'private key does not match public key'
//also tried
// openssl pkcs12 -in ./p12file.p12 -clcerts -nokeys -out certfile.crt
// openssl pkcs12 -in ./p12file.p12 -nocerts -nodes -out keyfile.key
// cert, err := tls.LoadX509KeyPair(certFile, keyFile)
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
InsecureSkipVerify: true,
}
tlsConfig.BuildNameToCertificate()
transport := &http.Transport{TLSClientConfig: tlsConfig}
client := &http.Client{Transport: transport}
resp, err := client.Get(url)
получение 'удаленная ошибка: tls: сбой рукопожатия'