x509 certificate authentification

[Slach]

is clickhouse-go support https://clickhouse.com/docs/en/operations/external-authenticators/ssl-x509 ?

[jkaflik]

It's not covered by documentation, but it should work pretty easily with a custom TLS config pass to clickhouse.Options:

clickhouse-go/clickhouse_options.go

Line 128 in f373529

TLS *tls.Config

Something like:

caCert, _ := ioutil.ReadFile("ca.crt")
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

cert, _ := tls.LoadX509KeyPair("client.crt", "client.key")

opts := clickhouse.Options{
      TLS: &tls.Config{
          RootCAs: caCertPool,
          Certificates: []tls.Certificate{cert},
      },
}