cmd/pprof: add options to skip tls verification

Don't verify tls host when profiling https+insecure://host/port/..., as per discussion in https://go-review.googlesource.com/#/c/20885/. Fixes: #11468 Change-Id: Ibfc236e5442a00339334602a4014e017c62d9e7a Reviewed-on: https://go-review.googlesource.com/33157 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
golang · Nov 12, 2016 · 2f49726 · 2f49726
1 parent 4966150
commit 2f49726
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/src/cmd/pprof/internal/fetch/fetch.go b/src/cmd/pprof/internal/fetch/fetch.go
@@ -7,6 +7,7 @@
 package fetch
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -72,11 +73,26 @@ func PostURL(source, post string) ([]byte, error) {
 
 // httpGet is a wrapper around http.Get; it is defined as a variable
 // so it can be redefined during for testing.
-var httpGet = func(url string, timeout time.Duration) (*http.Response, error) {
+var httpGet = func(source string, timeout time.Duration) (*http.Response, error) {
+	url, err := url.Parse(source)
+	if err != nil {
+		return nil, err
+	}
+
+	var tlsConfig *tls.Config
+	if url.Scheme == "https+insecure" {
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		url.Scheme = "https"
+		source = url.String()
+	}
+
 	client := &http.Client{
 		Transport: &http.Transport{
 			ResponseHeaderTimeout: timeout + 5*time.Second,
+			TLSClientConfig:       tlsConfig,
 		},
 	}
-	return client.Get(url)
+	return client.Get(source)
 }