What does 'go version' print?
go version go1.4rc1 [windows/amd64 | linux/amd64]
What steps reproduce the problem?
transport.DialTLS is not used when an HTTPS connection is proxied.
Equally concerning, developers will introduce unintended security bugs if/when an app is
executed in an environment with a proxy.
DialTLS is not used (by design) when a proxy is present.
What should have happened instead?
Need support to reject connections based on factors outside hostname when a proxy is
present. e.g. a Verify(...) callback on tls.Config executed after the handshake and
other verification steps have executed.
Please provide any additional information below.
The issue that added DialTLS:
Patch set #3 (or similar) would address the need.
1.4 introduced an optional DialTLS function on http.Transport. However, it is not used when a proxy is in use.
I'm calling REST APIs over https and I need to check for acceptable server certificates (a whitelist) after the handshake, with or without a proxy present on the client.
Add an optional verification callback to tls.Config that lets the callee inspect the certs. This would be called during the handshake for client or server.
// VerifyPeerCertificate optionally defines a function to add
// further restrictions on certificate validity.
// The provided peer certificates and chains are the result
// of the handshake and x509.Certificate.Verify calls and should
// not be modified. The chains param will be nil if InsecureSkipVerify
// is true. If the function returns an error, the certificate is
// considered invalid and the connection will close.
VerifyPeerCertificate func(peer []*x509.Certificate, chains [][]*x509.Certificate) error