net/http: DialTLS is not used w/ proxy (by design) #9126
What does 'go version' print?

go version go1.4rc1 [windows/amd64 | linux/amd64]

What steps reproduce the problem?

transport.DialTLS not used when an HTTPS connection is proxied.
http://play.golang.org/p/hSZy5-Sg0I

Equally concerned developers will introduce unintended security bugs if/when an app is executed in an environment with a proxy.

What happened?

DialTLS not used (by design) when a proxy is present.

What should have happened instead?

Need support to reject connections based on factors outside hostname when a proxy is present, e.g. a Verify(...) callback on tls.Config executed after the handshake and other verification steps have executed.

Please provide any additional information below.

The issue that added DialTLS: https://golang.org/issue/8522
Patch set #3 (or similar) would address the need: https://golang.org/cl/137940043/#ps40001
1.4 introduced an optional DialTLS function on http.Transport. However, it is not used when a proxy is in use.
I'm calling REST APIs over https and I need to check for acceptable server certificates (a whitelist) after the handshake w/ or w/o a proxy present on the client.
Add an optional verification callback to tls.Config that lets the callee inspect the certs. This would be called during the handshake for client or server.
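The verification hook requested in this issue and the comments above (a callback on tls.Config that runs after the standard handshake checks, so it also covers the TLS session tunnelled through a CONNECT proxy) later landed in Go 1.8 as tls.Config.VerifyPeerCertificate. The following is an added example, not code from the issue author or the Go project, showing how to use it to enforce a certificate allow-list keyed on the leaf's SubjectPublicKeyInfo hash, and how to hang it off an http.Transport so the same check applies with or without a proxy. It assumes Go 1.8 or later; the hostnames and the self-signed certificates it generates are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// spkiPin returns the base64 SHA-256 of the certificate's SubjectPublicKeyInfo,
// the same form of pin that public-key-pinning lists use.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinVerifier builds a VerifyPeerCertificate callback that rejects any handshake
// whose leaf certificate's SPKI hash is not in the allow-list. crypto/tls calls it
// after the normal chain and hostname verification has passed (InsecureSkipVerify
// is left false), so it can only narrow what is accepted, never widen it.
func pinVerifier(allowed map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("pin check: no peer certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return fmt.Errorf("pin check: parse leaf: %w", err)
		}
		if pin := spkiPin(leaf); !allowed[pin] {
			return fmt.Errorf("pin check: leaf SPKI %s not in allow-list", pin)
		}
		return nil
	}
}

// newPinnedTransport returns an http.Transport whose TLS config carries the pin
// check. Because the check lives in TLSClientConfig rather than in DialTLS, the
// Transport applies it to the TLS session inside a proxy CONNECT tunnel as well.
func newPinnedTransport(allowed map[string]bool) *http.Transport {
	return &http.Transport{
		Proxy: http.ProxyFromEnvironment, // honours HTTPS_PROXY / HTTP_PROXY / NO_PROXY
		TLSClientConfig: &tls.Config{
			MinVersion:            tls.VersionTLS12,
			VerifyPeerCertificate: pinVerifier(allowed),
		},
	}
}

// selfSignedCert builds a throwaway certificate so the verifier can be exercised
// offline (constructed test data, not a real service certificate).
func selfSignedCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	good, _ := selfSignedCert("api.example.test")   // constructed
	other, _ := selfSignedCert("other.example.test") // constructed
	allowed := map[string]bool{spkiPin(good): true}

	verify := pinVerifier(allowed)
	fmt.Println("pinned cert accepted:  ", verify([][]byte{good.Raw}, nil) == nil)
	fmt.Println("unpinned cert accepted:", verify([][]byte{other.Raw}, nil) == nil)

	// Wire the transport into a client; requests through a proxy get the same check.
	client := &http.Client{Transport: newPinnedTransport(allowed), Timeout: 10 * time.Second}
	_ = client
}
```

Pinning on the SPKI hash rather than the whole certificate survives routine certificate renewals that keep the same key, which is usually what a REST-client allow-list wants; pin the full `cert.Raw` instead if the policy is "exactly this certificate". The callback receives the raw chain in the order the server sent it, so index 0 is always the leaf.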