add 6-dual-verify-certs

Author: bigwhite

gohttps/6-dual-verify-certs/README

@@ -0,0 +1,17 @@
+ca:
+openssl genrsa -out ca.key 2048 
+openssl req -x509 -new -nodes -key ca.key -subj "/CN=tonybai.com" -days 5000 -out ca.crt
+
+server:
+openssl genrsa -out server.key 2048 
+openssl req -new -key server.key -subj "/CN=localhost" -out server.csr
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 5000
+
+client:
+openssl genrsa -out client.key 2048 
+openssl req -new -key client.key -subj "/CN=tonybai_cn" -out client.csr
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 5000
+
+
+client:
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile client.ext -out client.crt -days 5000

gohttps/6-dual-verify-certs/ca.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIJAJ9bnz2gjnCSMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
+BAMTC3RvbnliYWkuY29tMB4XDTE1MDQzMDEzMzMxOVoXDTI5MDEwNjEzMzMxOVow
+FjEUMBIGA1UEAxMLdG9ueWJhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDFNFEpWELN11i41KuFNnrqhJTXpkDxoNThkJpARAWerGyoh7UC4vjI
+cfcC9TxsGMImtDB8fWowR6tjIxO2Rg4zatbyZB35+bN7zT0wwnRZMBq9BBP0+P8f
+KW1CpelEowCAakQ70Soiohf0BRlJJla/GgndMEGomWH6n7gok5XF6+UCj3ifCf8+
+U+Y1zy6dDBngE/IW9G8j3K5jqbYRJTMSF3ZlESPTvvewhimFTwVUwD3VT7DoacLL
+GHBZoNGVjytIbvMMYyh70O+iLkzrUb2kLvrIPlD4Fu66gSH1QKINeLV3FwHTskVg
+Poo/jXUnj0doEep/cxMZP3Kk0Ijz0LqbAgMBAAGjdzB1MB0GA1UdDgQWBBTYGqzF
+1x7tEn3eOX7TAjl6+h7HbjBGBgNVHSMEPzA9gBTYGqzF1x7tEn3eOX7TAjl6+h7H
+bqEapBgwFjEUMBIGA1UEAxMLdG9ueWJhaS5jb22CCQCfW589oI5wkjAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCwuOqQr7NR1zExI7dPDe972GmucMjf
+pCuWlaaHutpJ88uCArtpdpyP0G4tlDGKFNLMFnG+ux5uY/pXl3Rm0naODTgsx71a
+DGenHXvpa4iy1TCogEMWXXEsOUYjndmLOIMqFalYMa0ywbyWV60jWNuE31RBw1zI
++qBrr9m3YNs/ediFnXOtAGEhYEeh2e0jBEFEMbU1Q/Cv6Txu+RRnmqokUqV5cNOz
+nt0O2mJQxKl5Hkmv9IZ61XNwQ5SXZidwdETh5i8kEDFfKX2HeYbWQZF27NWpXzgw
+lF6vIv9LcD1RnERSvdRQKzjePsSBbp78ZohLaXkWLubiHNqoot2fNJyz
+-----END CERTIFICATE-----

gohttps/6-dual-verify-certs/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAxTRRKVhCzddYuNSrhTZ66oSU16ZA8aDU4ZCaQEQFnqxsqIe1
+AuL4yHH3AvU8bBjCJrQwfH1qMEerYyMTtkYOM2rW8mQd+fmze809MMJ0WTAavQQT
+9Pj/HyltQqXpRKMAgGpEO9EqIqIX9AUZSSZWvxoJ3TBBqJlh+p+4KJOVxevlAo94
+nwn/PlPmNc8unQwZ4BPyFvRvI9yuY6m2ESUzEhd2ZREj0773sIYphU8FVMA91U+w
+6GnCyxhwWaDRlY8rSG7zDGMoe9Dvoi5M61G9pC76yD5Q+BbuuoEh9UCiDXi1dxcB
+07JFYD6KP411J49HaBHqf3MTGT9ypNCI89C6mwIDAQABAoIBAEso/230l7GAS+5W
+D/E7rGlJkrkGQmZVWA2IYWHxCvtI2Dj7UAADpbIvzWcxNJA2d3js4DXyTtCL4ERu
+kAq+dJcgN0A27D3j74ZV2OaGlnWPogE8VqbdZ87mqR/nwBpKzdwjpFHwDFEa2mpE
+rzh0Bkfbkrrcs4mgu/kbesLsTP8bl63B8rhKXiAfAi/59V5RIFyNwxeBe7YfAvVe
+Eobgu87a5JEK60699mX/v3j6xVlw2fHOqNS8RbpkimuRbmteVH9LKI1/tM9B/+6f
+NQJQvTWP6N7e2FTBVk08yfKCYzAGgmAXl6MVMg/S/rEUhGUn0DP2VG4axQvTa1Tq
+jESUCrECgYEA7R+C+2WK9m40UMYhm1Wx3p3lkgMBCrl0Ascrg6LEZQxS5adrq6X/
+p4j83mNsslwr2v6/bfgrAs0T4WFsxkKdcsCZ0UX0OjezqFC+2b1q/RkYSyXQ8Zid
+xk8sorAqw45Fpmk+shXq2DO0NbLYliD7ra0gITg85/5uCEgX6laow+8CgYEA1OdG
+c+VCNmVGpluG5vgp2WI349jJmtJOVv3T3ABvKrgINwBFL8M5+2+6mMA/2nC8sQgK
+IuK/AF6pzin0HGlCR4ycs9EhcepDX0tgcvqt6nqtwI7QQ2WwBTKfDo7vubLbjG82
+AsOnRhgiTCUJGl7xBELHjmdCG2Bssl5M/iTJ2BUCgYA91ZPQfuBH9uEJl0E4QpaJ
+mN8+vi3NYCMSfmGoiA9y0k3juU7oifcq9xwJ2h+EO2jsSLYetTJyHoxqn39ADCsG
+u5bg7b8MV24wHC5IlY6KxbqCDjB4b/XkuszG9+2O5VDgXl2NDw4YpxL9VdAJBjzb
+Q2Q3hXTMgpqq6jHiWArWXQKBgQCgwBse6KwsvB0zAIqEHD4k55cBjy7xmfcSkcaE
+J0PIgnmZZbfXj1VZNowyR34u5c5i8IoOuxuyIMefZWfuh79GnLG4x5+0DkheTGB/
+kCz+jTBh4rL3IHFeC1GzQVNZ5+UDTPj/71B+iTxkN9Z+tc7PA8j/CZINb6nCp5cE
+kSxh3QKBgFn+viu4lhhmZte2/IBog5ytoYaU4oTlRDBVUAJfN7BgBzehhlPCa4WY
+sw2ljmejqsrhmwEgxnT83+lBcMfNTr7V3UDZZDTxs3AuxYpWLopPxiF+cuZn6ctB
+XN+3Dbgo+mVbdpPteBuboXwtxkz8nQ2yv2mjet2CWOvuOWMoMHKg
+-----END RSA PRIVATE KEY-----

gohttps/6-dual-verify-certs/ca.srl

@@ -0,0 +1 @@
+D6E3F6FAAE65EDE0

gohttps/6-dual-verify-certs/client.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa2gAwIBAgIJANbj9vquZe3gMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
+BAMTC3RvbnliYWkuY29tMB4XDTE1MDQzMDE0NDIxNFoXDTI5MDEwNjE0NDIxNFow
+FTETMBEGA1UEAxQKdG9ueWJhaV9jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOQSIlB1rrKKnlbV830xe6p1XT+QBU7/7ZoKKnUVQxct8U1IBdpPO2FZ
+vhhDD58bkE03xV7mcgfDsbminbREsRAMAW+KTTTP4IOwytKJjym9n9IRxyT0M8dI
+61YuK3rZU/rGu40ZSDK8LWEJPL5c2FkleeETEyKkOIEw7cWIB5chT425VL0XOcrc
+aQ7QeDcfa1O3P1IC+9Z+tLboRU1N+sY7eA7XoErLLYT1MpRn04X0EG/AvjBkw4JG
+5TsnbkYrot0scFGrlW4pqur6LB7SprakK+D+VjQoLB8sN1yo2OrIOs4rp8D7dkmW
+6VnrzZFSLLlVfCLIpdZ8ewCLRCJUksECAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYB
+BQUHAwIwDQYJKoZIhvcNAQEFBQADggEBABmJiKjI5/p+UYBbr8QNKyk5oP+jyrCQ
+CqVCutHThfP+ChnRblS+cVYZNXy2FalXC7zkzaQIFlNwkY6ius+tMFQzIh/f7BjV
+iKm9HWUe8mkPMwqjuQNSRTbeMIwj6CUDcyO7QzUKzqMwVfa6/XwKMDGFMpdCrTGi
+rkC3mkc0Js3qQu8s63lKtQGGcWK0joEJAAX23SDHjrK0F14UvKeJikf7VoaP5xnG
++BGiH6cf9UYS343ECzPqYLFRoyikSEYweQiHbsQKs1VS388uhtM6KKZvVe60/ULV
+dAZCm8S+KehP340VILjp4gwE4FhWd1jTenmznQKiJE8CTB2SEq6qDcM=
+-----END CERTIFICATE-----

gohttps/6-dual-verify-certs/client.csr

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWjCCAUICAQAwFTETMBEGA1UEAxQKdG9ueWJhaV9jbjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOQSIlB1rrKKnlbV830xe6p1XT+QBU7/7ZoKKnUV
+Qxct8U1IBdpPO2FZvhhDD58bkE03xV7mcgfDsbminbREsRAMAW+KTTTP4IOwytKJ
+jym9n9IRxyT0M8dI61YuK3rZU/rGu40ZSDK8LWEJPL5c2FkleeETEyKkOIEw7cWI
+B5chT425VL0XOcrcaQ7QeDcfa1O3P1IC+9Z+tLboRU1N+sY7eA7XoErLLYT1MpRn
+04X0EG/AvjBkw4JG5TsnbkYrot0scFGrlW4pqur6LB7SprakK+D+VjQoLB8sN1yo
+2OrIOs4rp8D7dkmW6VnrzZFSLLlVfCLIpdZ8ewCLRCJUksECAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4IBAQBfW178MTUDooIJCuZJWUmaGIfKDuSv805r8JPnUlalODzC
+o1Ef473+MjJcjlgQfYtG8k6TLeV1lW+v5d5epnciD4Qb+vekNRbxALVZ8N/TUhpq
+y2EunDojxCvVXBq+MUU1W9rQ3JFFfJKeaSWlKz1TbIBLm3vJ54/pBRvABgYwLcLR
+L+qFS3+gkp8yKkenCdvjU/3K6QONtuQxorcz7/VhY3GYKzYEc+umAPorsNXq4hvS
+yHZo/tPnZreiL1DjhOVQoy+fPG4MwfjlVW9cBAMttKVZMRMHrfb6ZxtF75GAG5pV
+vuFhyV0+7uOHGe4MJza4AF+FcAL5WxLAjieNWD/m
+-----END CERTIFICATE REQUEST-----

gohttps/6-dual-verify-certs/client.ext

@@ -0,0 +1 @@
+extendedKeyUsage=clientAuth

gohttps/6-dual-verify-certs/client.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func main() {
+	pool := x509.NewCertPool()
+	caCertPath := "ca.crt"
+
+	caCrt, err := ioutil.ReadFile(caCertPath)
+	if err != nil {
+		fmt.Println("ReadFile err:", err)
+		return
+	}
+	pool.AppendCertsFromPEM(caCrt)
+
+	cliCrt, err := tls.LoadX509KeyPair("client.crt", "client.key")
+	if err != nil {
+		fmt.Println("Loadx509keypair err:", err)
+		return
+	}
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			RootCAs:      pool,
+			Certificates: []tls.Certificate{cliCrt},
+		},
+	}
+	client := &http.Client{Transport: tr}
+	resp, err := client.Get("https://localhost:8081")
+	if err != nil {
+		fmt.Println("Get error:", err)
+		return
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	fmt.Println(string(body))
+}

gohttps/6-dual-verify-certs/client.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA5BIiUHWusoqeVtXzfTF7qnVdP5AFTv/tmgoqdRVDFy3xTUgF
+2k87YVm+GEMPnxuQTTfFXuZyB8OxuaKdtESxEAwBb4pNNM/gg7DK0omPKb2f0hHH
+JPQzx0jrVi4retlT+sa7jRlIMrwtYQk8vlzYWSV54RMTIqQ4gTDtxYgHlyFPjblU
+vRc5ytxpDtB4Nx9rU7c/UgL71n60tuhFTU36xjt4DtegSssthPUylGfThfQQb8C+
+MGTDgkblOyduRiui3SxwUauVbimq6vosHtKmtqQr4P5WNCgsHyw3XKjY6sg6ziun
+wPt2SZbpWevNkVIsuVV8Isil1nx7AItEIlSSwQIDAQABAoIBACW9rnn8D22yLKOY
+AhP8hUde5pBnJ8m75jiwZ/g6DYEfdCfivD01EVF5xVBEgKhGqmlsyjd7EPGh+54J
+f+ld2KMcKXyouT/9Cl0ge1+9rbgtje34TSkbVBotQexf9Yf9wLzl+BFQVrc2lpfR
+LIEf4hlWb0XEn00DOep/C0m9yevDImmDiv4PEIEYhJdIMKFaNiJTzM7hKO2K1sxa
+vUT+N8I0GJvOpFbyTIaZeRqYaE7UDSYhPwMjSvioJ7saE44WDokZ3JL0/w81jv8T
+DcXbd+lN6Ok90WXRa8m+nLaWhs3+eDG6eD5OuzuMWKymZyLErEEJ/DLA5lz4fMVs
+VFfzvIUCgYEA9OO91nYwGwV2CuWNOaMmcehJBNgMnuHMrv4u82nM7Ocr1eP/1NE3
+y9WwjNGfwK/ls0Ialm1OhCo0Fu0ZIOCMtG7pPFJ0LANLap1C0yWOQGUwJrWzCqt2
+wuJmJdy9chxutS9bEyE2FsUt9ClqpO2tvbfT3xUScCZEmGvlqZKPpFsCgYEA7msN
+NXzK3/oiOgCknlsQVQTwDfzm5/mKPUKpLsUu7+HxwOdfeZL1we0RJctuwNNbS1oc
+uLyuwk7FHIzx79JPG2UqQorICpcE6XHOvnqSU46qhRU6wZfH9qczZcQcFxQY1r9N
+vJ3oIYvtKoOX8WYPe7xoZbqSR5WSRqtgX/FgIBMCgYBlIQdsYTJMdlzg8xr3CmD9
++SbuUSolEqosOdu5uZ9e1bhMg/NKN3wLORvHi2mlcP4yoMHKDSm3epY4QYF3CkQQ
+3xyCRKqk4ldql7bY61FrVl4kHjTp2xUYNdZpHFc/oG43dG7v328uyA7KHbBkm6J8
+DkX4ggMzPRpmt2gINvYKsQKBgGMPe7eDmE+jgGEVL1DUiV6p5IwLTm2IE1YMwnq6
+Vxw4htgdyl+bHh1rQLqxYd0gdEhEsrZXP01gqSmJrmR0v4WkbQCk5STxRoswTDR8
+fRvWpScSgQ064UysgACCkSFNqlxftA7wlSiLGQmXD6SvQTOqPr413N19Wf+e6TYz
+9jqdAoGADYXckApBYpjiJHn1VKNdj1suIgwcENyGXE+i2ax3fnLE24CgARdKW0F2
+5yjfkYM4IklOAdDC8QcvdWSDKQYvo2Ubqq0DgqSYac91ljfehHs2qrYv1FOULlJF
+46SLuUSzBj8xvQHwhE5eyW9pjAU6F3MRIwYonD2mLj+10Y/WH2c=
+-----END RSA PRIVATE KEY-----

gohttps/6-dual-verify-certs/server.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAY4CCQDW4/b6rmXt3jANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwt0
+b255YmFpLmNvbTAeFw0xNTA0MzAxMzM1MjdaFw0yOTAxMDYxMzM1MjdaMBQxEjAQ
+BgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMtYdbQm4OxyFoUeGmmtuyy+1mev0vEP+44lwE+HRnLdtydBksrvKByzydRLLMQa
+0oQEO/w6PpV2E5j1N0ReeQLcuN8M/PAZiiyQ5fNNad8mSJSbfu2ZWJwnAFIBLh3y
+nTMfzQHodMIRHWA0+esFeSn9daWpBZ0X4NHB/3istL9NilxRwQOC5c77vaKOVUJP
+b0eaRN8Z+d1R2III0KO9KAXo/CTyz80KrnIJkcrAi3BMLv6gE1PhYxmpKyPX6Lhd
+uj2QWVlk7UnYvzIepp4rmeAdOGaCg6CVJdP2ipWjqt4BwwHjrbszOvteHEaI7/zI
+qtDB4WUvlQdZg3owPa0Q6C0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAccszQ9XX
+0qDOXW1lFPMP11QV9N7V2z+X3C6UIcR0C5Iq+JKDl5z0mn/VsKLFN+gAQrpN8siU
+OXJNhL+hH7xB6mYjvZkT5rNVe5WRyIjILxpwAoRwAXXU91jkpJrCrzaM8+xSqu/I
+xYidmBGqJrkLUE5p4MMc2EgVuqT4Xc5V4YdIYCqvVmF7iaa1GY7lN3KdvTEABFRm
+ubZQJAgIuMcSAxWWXu8AbSGZISq8YTEQ+pY1+pBcRMJu3h3Cn/6O+MVnEmB3AjFv
+TccaPfe+57wNV7ODpF+B53JGEz44s+ChLJzqqN57p6wFLvu9ySV6buQp/yuegyo0
+t3b6d2e5pxHTXg==
+-----END CERTIFICATE-----