mirror of
https://github.com/golang/go
synced 2024-11-21 23:54:40 -07:00
http: Transport: with TLS InsecureSkipVerify, skip hostname check
Fixes #2386 R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5312045
This commit is contained in:
parent
8bfb217123
commit
2cab897ce0
@ -7,6 +7,7 @@
|
||||
package http_test
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
. "http"
|
||||
"http/httptest"
|
||||
@ -292,3 +293,26 @@ func TestClientWrites(t *testing.T) {
|
||||
t.Errorf("Post request did %d Write calls, want 1", writes)
|
||||
}
|
||||
}
|
||||
|
||||
func TestClientInsecureTransport(t *testing.T) {
|
||||
ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
|
||||
w.Write([]byte("Hello"))
|
||||
}))
|
||||
defer ts.Close()
|
||||
|
||||
// TODO(bradfitz): add tests for skipping hostname checks too?
|
||||
// would require a new cert for testing, and probably
|
||||
// redundant with these tests.
|
||||
for _, insecure := range []bool{true, false} {
|
||||
tr := &Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: insecure,
|
||||
},
|
||||
}
|
||||
c := &Client{Transport: tr}
|
||||
_, err := c.Get(ts.URL)
|
||||
if (err == nil) != insecure {
|
||||
t.Errorf("insecure=%v: got unexpected err=%v", insecure, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -362,9 +362,11 @@ func (t *Transport) getConn(cm *connectMethod) (*persistConn, os.Error) {
|
||||
if err = conn.(*tls.Conn).Handshake(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify {
|
||||
if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
pconn.conn = conn
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user