mirror of https://github.com/golang/go synced 2024-10-04 13:21:22 -06:00
go/doc/go1.3.txt
Adam Langley fca335e91a crypto/tls: enforce that either ServerName or InsecureSkipVerify be given.
crypto/tls has two functions for creating a client connection: Dial,
which most users are expected to use, and Client, which is the
lower-level API.

Dial does what you expect: it gives you a secure connection to the host
that you specify and the majority of users of crypto/tls appear to work
fine with it.

Client gives more control but needs more care. Specifically, if it
wasn't given a server name in the tls.Config then it didn't check that
the server's certificates match any hostname - because it doesn't have
one to check against. It was assumed that users of the low-level API
call VerifyHostname on the certificate themselves if they didn't supply
a hostname.

A review of the uses of Client both within Google and in a couple of
external libraries has shown that nearly all of them got this wrong.

Thus, this change enforces that either a ServerName or
InsecureSkipVerify is given. This does not affect tls.Dial.

See discussion at https://groups.google.com/d/msg/golang-nuts/4vnt7NdLvVU/b1SJ4u0ikb0J.

Fixes #7342.

LGTM=bradfitz
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/67010043
2014-02-21 15:56:41 -05:00
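
The behaviour described in the commit message, as an added example that is not part of this commit or the Go repository: tls.Client is handed a raw loopback connection with an empty, a matching and a mismatching ServerName. The helpers handshake and check, the names good.test and evil.test, and the throwaway certificate are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) { // setup failures abort; only the handshake result is returned
	if err != nil {
		panic(err)
	}
}

// handshake (hypothetical helper) wraps a raw connection with tls.Client against a
// server whose constructed self-signed certificate is valid only for "good.test".
func handshake(serverName string, skipVerify bool) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"good.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the client trusts exactly this test certificate
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	go func() { // server side: one connection, handshake only
		if conn, err := ln.Accept(); err == nil {
			tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}}).Handshake()
			conn.Close()
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	defer raw.Close()
	return tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName, InsecureSkipVerify: skipVerify}).Handshake()
}

func main() {
	fmt.Printf("empty: %v\nmatch: %v\nmismatch: %v\n", handshake("", false), handshake("good.test", false), handshake("evil.test", false))
}
```

With the enforcement in place, the empty-ServerName case fails before any bytes are sent instead of completing a handshake without a hostname check.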


cmd/gofmt: remove -tabwidth and -tabs flags (CL 52170043)
liblink: pull linker i/o into separate liblink C library (CL 35790044)
misc/dist: renamed misc/makerelease (CL 39920043)
runtime: output how long goroutines are blocked (CL 50420043)
syscall: add NewCallbackCDecl to use for windows callbacks (CL 36180044)
testing: diagnose buggy tests that panic(nil) (CL 55780043)
testing: add b.RunParallel function (CL 57270043)
misc/benchcmp has been replaced by go tool benchcmp (CL 47980043)
cmd/go, go/build: support .m files (CL 60590044)
unicode: upgrade from Unicode 6.2.0 to 6.3.0 (CL 65400044)
runtime/debug: add SetPanicOnFault (CL 66590044)
crypto/tls: ServerName or InsecureSkipVerify (CL 67010043)