certstore

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 26, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package certstore handles loading client certificates and private keys from an OS-specific certificate store.

Index

Constants

This section is empty.

Variables

View Source 
var IsCertstoreSupported = false

IsCertstoreSupported indicates that the cert store is not supported.

Functions

func GetClientCertificateFunc 

func GetClientCertificateFunc(
	issuerFilter, subjectFilter string,
) (func(*tls.CertificateRequestInfo) (*tls.Certificate, error), error)

GetClientCertificateFunc returns a function suitable for use as a tls.Config.GetClientCertificate callback. This function searches for a client certificate in the system trust store according to the list of acceptable CA names from the Certificate Request message, with optional additional filter conditions based on the Issuer name and/or the Subject name in the end-entity certificate.

Filter conditions should be of the form "attribute=value", e.g. "CN=my cert name". Each condition may include at most one attribute/value pair. Only attributes corresponding to named fields of pkix.Name may be used (attribute keys are compared case-insensitively). These attributes are:

  • commonName (CN)
  • countryName (C)
  • localityName (L)
  • organizationName (O)
  • organizationalUnitName (OU)
  • postalCode
  • serialNumber
  • stateOrProvinceName (ST)
  • streetAddress (STREET)

Names containing multiple values for the same attribute are not supported.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.