开发问题:
How to find out which types implement which interface in Golang?
How do you quickly find the implementation(s) of an interface in Golang?
Ctrl + Alt+b
Ctrl +b show usage
证书问题1:
2018/03/09 10:44:13 check userEcaCert signature: x509: invalid signature: parent certificate cannot sign this kind of certificate
解决:
ecaCert.BasicConstraintsValid = true
ecaCert.IsCA = true
ecaCert.KeyUsage = x509.KeyUsageCertSign
证书问题2:
根证书、二级证书、三级证书都能经过https验证都需要加上以上三个参数
D:\project>server.exe
2018/03/13 09:38:39 http: TLS handshake error from 127.0.0.1:56660: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "usechaineca")
Cert := &x509.Certificate{
SerialNumber: big.NewInt(1658),
Subject: pkix.Name{
Country: []string{"CN"},
Organization: []string{"usechainEca"},
OrganizationalUnit: []string{"eca"},
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10,0,0),
SubjectKeyId: []byte{1,2,3,4,6},
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IsCA: true,
KeyUsage: x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign,
}
如果是openssl生成的则需要客户端证书改成如下格式:
openssl genrsa -out client.key 2048
openssl req -new -key client.key -subj "/CN=client" -out client.csr
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 5000
改成:
openssl genrsa -out client.key 2048
openssl req -new -key client.key -subj "/CN=client" -out client.csr
echo extendedKeyUsage=clientAuth > extfile.conf
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.conf -out client.crt -days 5000
有疑问加站长微信联系(非本文作者)