Closed
Description
by c@apcera.com:
What does 'go version' print?
go version devel +0449858880be Mon Aug 11 17:11:31 2014 -0400 darwin/amd64

What steps reproduce the problem?
1. Revoke a TLS certificate (for example, to mitigate Heartbleed)
2. Attempt to prevent a golang client from securing a connection using the revoked certificate
3. Realize you can verify the hostname, but not other parts of the certificate prior to establishing a connection and sending a request.

What happened?
Golang clients cannot currently be written to reject certificates based on factors other than hostname.

What should have happened instead?
The certificate should be available to client code when establishing connections to allow for more granular verification. The attached file is client code which could be used to reject blacklisted certs if a hook were available in net/http.
Attachments:
- certblacklist.go (932 bytes)
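Added example (not the attached certblacklist.go, which is not reproduced on this page, and not part of the original report): the hook the reporter asks for was later added to the standard library as tls.Config.VerifyPeerCertificate (Go 1.8), which crypto/tls invokes during the handshake with every raw certificate the server presented, so client code can reject a certificate before any request is written. The code below assumes that hook and a blacklist keyed by SHA-256 fingerprint of the DER certificate; the Blacklist type, the Fingerprint/NewClient/fetch helpers, and the httptest server standing in for a server with a revoked certificate are all constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Blacklist is a set of SHA-256 fingerprints (lowercase hex) of DER-encoded
// certificates the client must refuse even when the chain otherwise verifies.
type Blacklist map[string]struct{}

// Fingerprint returns the SHA-256 fingerprint of a DER-encoded certificate.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// Add records a parsed certificate as blacklisted.
func (b Blacklist) Add(cert *x509.Certificate) {
	b[Fingerprint(cert.Raw)] = struct{}{}
}

// Verify has the signature of tls.Config.VerifyPeerCertificate. crypto/tls
// calls it during the handshake, after the normal chain and hostname checks,
// with every raw certificate the server presented. It also runs when
// InsecureSkipVerify is set (verifiedChains is then nil), so the check does
// not depend on the trust store. Returning an error aborts the handshake
// before any HTTP request bytes are sent.
func (b Blacklist) Verify(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	for i, der := range rawCerts {
		fp := Fingerprint(der)
		if _, bad := b[fp]; bad {
			return fmt.Errorf("tls: certificate %d in presented chain is blacklisted (sha256:%s)", i, fp)
		}
	}
	return nil
}

// NewClient returns an http.Client that performs the standard verification
// configured in base (RootCAs, ServerName, ...) and additionally refuses
// blacklisted certificates. base is cloned, so the caller's config is untouched.
func NewClient(b Blacklist, base *tls.Config) *http.Client {
	cfg := base.Clone()
	cfg.VerifyPeerCertificate = b.Verify
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// fetch performs a GET and reports whether it succeeded, plus the error if not.
func fetch(c *http.Client, url string) (bool, error) {
	resp, err := c.Get(url)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	_, err = io.Copy(io.Discard, resp.Body)
	return err == nil, err
}

func main() {
	// Constructed test server with a self-signed certificate, standing in for
	// a server whose certificate has been revoked.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "ok")
	}))
	defer srv.Close()

	// httptest's own client config already trusts the test certificate; reuse it.
	base := srv.Client().Transport.(*http.Transport).TLSClientConfig

	ok, err := fetch(NewClient(Blacklist{}, base), srv.URL)
	fmt.Println("empty blacklist:", ok, err)

	bl := Blacklist{}
	bl.Add(srv.Certificate())
	ok, err = fetch(NewClient(bl, base), srv.URL)
	fmt.Println("server cert blacklisted:", ok, err)
}
```

The same hook receives the raw DER, so the callback can parse it with x509.ParseCertificate and apply any other rule the report has in mind (serial number, issuer, key usage) rather than only a fingerprint match. A fingerprint blacklist is a manually maintained stand-in for proper revocation checking (CRL or OCSP), not a replacement for it.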