New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: Documentation and/or signature of crypto/tls.Conn.VerifyHostname could be clearer #9063
Comments
Owner changed to @agl. |
I checked the code and consulted @agl, and it looks like the only way c.peerCertificates[0] is not part of a verified chain is if you set InsecureSkipVerify in the TLS config. Are you doing that? If not, I think the docs are clear. And if you're setting InsecureSkipVerify, it's not too surprising that VerifyHostname does not do the "verify" part. |
CL https://golang.org/cl/12352 mentions this issue. |
CL https://golang.org/cl/12526 mentions this issue. |
Fixes golang#9063. Change-Id: I536ef1f0b30c94c1ebf7922d84cb2f701b7d8a1a Reviewed-on: https://go-review.googlesource.com/12526 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes golang#9063. Change-Id: I536ef1f0b30c94c1ebf7922d84cb2f701b7d8a1a Reviewed-on: https://go-review.googlesource.com/12526 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
by ox@getlantern.org:
The text was updated successfully, but these errors were encountered: