net/http Client side authentication

agolangf · · 864 views
<p>Hi</p> <p>I'm having issues authenticating to our servers, which require client side authentication.</p> <p>I'm sure it has to do with this <a href="https://github.com/golang/go/issues/5742">bug</a> but I couldn't find a straight answer on how to bypass/work around this besides using go-curl. Any suggestion would be welcome even if it requires changing some configuration on the server, which by the way is running Apache.</p> <p>I will need to build Windows and Linux, and possibly mobile, versions of this app and I had issues before, when I got started with Go, cross compiling with go-curl, and to keep using net/http would be much nicer.</p> <p>This is how I'm connecting to our server, pretty simple..</p>
<pre><code>// Uses crypto/tls, crypto/x509, io/ioutil, log, net/http.

// Load client cert
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
	log.Fatal(err)
}

// Load CA certs
caCert, err := ioutil.ReadFile(caFile)
if err != nil {
	log.Fatal(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

caCert2, err := ioutil.ReadFile(caFile2)
if err != nil {
	log.Fatal(err)
}
caCertPool.AppendCertsFromPEM(caCert2)

caCert3, err := ioutil.ReadFile(caFile3)
if err != nil {
	log.Fatal(err)
}
caCertPool.AppendCertsFromPEM(caCert3)

// Setup HTTPS client
tlsConfig := &amp;tls.Config{
	Certificates: []tls.Certificate{cert},
	//RootCAs: caCertPool,
	// InsecureSkipVerify turns off verification of the server certificate,
	// so the CA pool loaded above is not used.
	InsecureSkipVerify: true,
	// ClientAuth is only consulted by servers; it has no effect in a client config.
	ClientAuth: tls.VerifyClientCertIfGiven,
	MinVersion: tls.VersionTLS10,
	MaxVersion: tls.VersionTLS10,
}
tlsConfig.BuildNameToCertificate()
transport := &amp;http.Transport{TLSClientConfig: tlsConfig}
client := &amp;http.Client{Transport: transport}
</code></pre>
<p>I've tried many combinations of the <em>tls.Config</em> with no success but I always get a</p> <blockquote> <p>local error: no renegotiation </p> </blockquote> <p>or</p> <blockquote> <p>remote error: handshake failure</p> </blockquote> <p>if I meddle with the cipher suites</p> <p>Thanks!</p> <hr/>**Comments:**<br/><br/>
nerdy900: <pre><p>Are you doing something with your server that a simple:</p> <pre><code>http.Get("https://myurl") </code></pre> <p>will not work? If you have a valid SSL setup on your server, it works out of the box.</p> <p>Edit: I misunderstood the thread, I thought that this bug was fixed in go1.5.</p></pre>
norwat: <pre><p>The current setup requires a client to provide a valid SSL certificate in order to access the server. The example I showed should work in most cases, but it does not for our servers. And I was unable to figure out what the valid server side SSL configurations are in order to work with Go.</p></pre>
nerdy900: <pre><p>Yeah, from the looks of it, this bugfix has been pushed back to go1.7 :( Most of the threads I saw recommended either disabling security (I absolutely do not like this), or using go-curl.</p> <p>Best of luck!</p></pre>
norwat: <pre><p>Although this works <a href="https://gist.github.com/ncw/9253562" rel="nofollow">https://gist.github.com/ncw/9253562</a>, if I could figure out what settings are required in Apache/nginx to duplicate this I could keep net/http, but it does seem I have to revert to go-curl and work out the cross compile issues later.</p> <p>Thanks</p></pre>
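
An added example, not code from the thread or from the Go project: since Go 1.7, `tls.Config` has a `Renegotiation` field that lets a client accept a server-initiated renegotiation, so a `net/http` client can present its certificate while still verifying the server. `clientConfig`, `demoStatus` and the local `httptest` server are constructed for illustration; a Go test server cannot request a renegotiation, so the demo exercises certificate presentation and server verification only.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientConfig (hypothetical helper) presents certs, verifies the server against
// roots (InsecureSkipVerify stays false) and accepts one renegotiation (Go 1.7+).
func clientConfig(roots *x509.CertPool, certs ...tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:  certs,
		RootCAs:       roots,
		Renegotiation: tls.RenegotiateOnceAsClient,
	}
}

// demoStatus runs a client built from clientConfig against a constructed local
// server that demands a client certificate, and returns the HTTP status.
func demoStatus(presentCert, trustServer bool) (int, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAnyClientCert} // demo server: no chain check
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool() // stays empty unless the server is trusted
	if trustServer {
		roots.AddCert(srv.Certificate())
	}
	var certs []tls.Certificate
	if presentCert {
		certs = srv.TLS.Certificates // reuse httptest's key pair as client identity (demo only)
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig(roots, certs...)}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(demoStatus(true, true))  // handshake succeeds
	fmt.Println(demoStatus(true, false)) // client rejects the untrusted server
	fmt.Println(demoStatus(false, true)) // server rejects: no client certificate
}
```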
