How to turn x509.Certificate into tls.Certificate in Go?

I am using x/crypto/pkcs12 to download a .p12 formatted file in DER format. There is an example in the documentation that uses tls.X509KeyPair to create a tls.Certificate, which can be used for an HTTP client.

It works great. But then I also want to check that the certificate has not expired. The pkcs12 library also has a decoding function that returns an x509 certificate, which I can use the Verify method on. This also works great.

It seems strange to me that I decrypt the DER twice: once to check the x509.Certificate and once to get a tls.Certificate. I don't know the relationship between these two certificate structures, but seeing that there is a function in the tls package called tls.X509KeyPair that takes several bytes, shouldn't there be an obvious way to get a tls.Certificate from an x509.Certificate or vice versa? What am I missing?

+5
1 answer

A tls.Certificate often stores a certificate chain - in other words, more than one certificate. Note that the Certificate field is of type [][]byte, where each certificate is a []byte.

The tls package imports the x509 package, so there is no function in x509 to get a tls.Certificate; that would cause an import loop. But if you have an x509.Certificate, you already have a tls.Certificate; just put the x509.Certificate's Raw bytes into the tls.Certificate's Certificate slice.

+3

Source: https://habr.com/ru/post/1237818/

