I'm trying to add a PKI certificate to an HTTP client, so that all requests made by it are authenticated to the services they are talking to. I can instantiate an HTTP client by executing:

    client := &http.Client{
        Transport: &http.Transport{
            Proxy: http.ProxyFromEnvironment,
            TLSClientConfig: &tls.Config{
                // TLS Implementation
            },
        },
    }

This uses the default RoundTripper implementation, which includes a TLS configuration section. However, the TLS configuration appears to be shared between client and server. Which of these settings do I need to add so that I can call other PKI services?

It appears that one only needs to add the Certificates attribute to the TLS configuration:

    Certificates: []tls.Certificate{cert}

Where cert can be created using the helper function:

    cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)

Where certFile and keyFile are two strings which point to pem files on disk. As mentioned by Peter, you can also implement GetClientCertificate, but that is unnecessary for implementing PKI support.