diff options
author | Brad Fitzpatrick <bradfitz@golang.org> | 2011-10-21 08:14:38 -0700 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2011-10-21 08:14:38 -0700 |
commit | 2cab897ce055fd753821a85a2134affe64ffe8cb (patch) | |
tree | fa11170bb4f5fec257e5d79b9686cabe4d50108b | |
parent | 8bfb2171233d5738fe592f001f318969f8228c97 (diff) | |
download | go-2cab897ce055fd753821a85a2134affe64ffe8cb.tar.gz go-2cab897ce055fd753821a85a2134affe64ffe8cb.zip |
http: Transport: with TLS InsecureSkipVerify, skip hostname check
Fixes #2386
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5312045
-rw-r--r-- | src/pkg/http/client_test.go | 24 | ||||
-rw-r--r-- | src/pkg/http/transport.go | 6 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/pkg/http/client_test.go b/src/pkg/http/client_test.go index 0ad6cd7c2f..8f61286c46 100644 --- a/src/pkg/http/client_test.go +++ b/src/pkg/http/client_test.go @@ -7,6 +7,7 @@ package http_test import ( + "crypto/tls" "fmt" . "http" "http/httptest" @@ -292,3 +293,26 @@ func TestClientWrites(t *testing.T) { t.Errorf("Post request did %d Write calls, want 1", writes) } } + +func TestClientInsecureTransport(t *testing.T) { + ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) { + w.Write([]byte("Hello")) + })) + defer ts.Close() + + // TODO(bradfitz): add tests for skipping hostname checks too? + // would require a new cert for testing, and probably + // redundant with these tests. + for _, insecure := range []bool{true, false} { + tr := &Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: insecure, + }, + } + c := &Client{Transport: tr} + _, err := c.Get(ts.URL) + if (err == nil) != insecure { + t.Errorf("insecure=%v: got unexpected err=%v", insecure, err) + } + } +} diff --git a/src/pkg/http/transport.go b/src/pkg/http/transport.go index edc8448f00..1d4433d14f 100644 --- a/src/pkg/http/transport.go +++ b/src/pkg/http/transport.go @@ -362,8 +362,10 @@ func (t *Transport) getConn(cm *connectMethod) (*persistConn, os.Error) { if err = conn.(*tls.Conn).Handshake(); err != nil { return nil, err } - if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil { - return nil, err + if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify { + if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil { + return nil, err + } } pconn.conn = conn } |