New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: Transport VerifyHostname should be optional when using TLS #11076
Comments
Why? |
Why can't you just use Transport.DialTLS? |
Are there examples anywhere? |
Let's move this to the golang-nuts mailing list. We don't use our bug tracker for support requests. |
That's OK, we just found it cheaper to patch 6 lines in the golang source for our project vs implementing a new method. |
That sounds like a bad idea and a painful maintenance cost going forward. You're now running a forked version of Go instead of using the mechanisms it already provides. The But like I said, this should be discussed on the golang-nuts list. I'm just leaving this note here in case anybody finds this and considers making your same mistake. |
There should be an option to verify the certificate chain without verifying the hostname. Currently you can only disable both certificate and hostname verification using InsecureSkipVerify.
https://tools.ietf.org/html/rfc6125#appendix-B.2
A new boolean should be added to tls.Config named
InsecureHostnameSkipVerify
.The text was updated successfully, but these errors were encountered: