Hello,

We're trying to configure an http.Transport such that the client does extra validation of the server-provided certificate before sending any data. We want this client to compare server-provided certificate fields against values present on the request Context. In essence, we'd like to be able to write:

    tr := http.Transport{
        // Hypothetical field: a context-aware variant of DialTLS.
        DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
            // myConfig is our *tls.Config; the handshake (and standard chain
            // verification) happens inside tls.Dial.
            conn, err := tls.Dial(network, addr, myConfig)
            if err != nil {
                return nil, err
            }
            // extraValidation compares the negotiated certificate against
            // values carried on the request context.
            connState := conn.ConnectionState()
            ok := extraValidation(connState, ctx)
            if !ok {
                conn.Close()
                return nil, errors.New("extra validation failed")
            }
            return conn, nil
        },
    }

But DialTLSContext doesn't exist today. We see Transport.DialContext(), but if you try to tls.Dial() inside there while leaving DialTLS nil, the http.Transport won't know that the conn is already TLS, and it will attempt to TLS handshake again [0].

Could anyone suggest a workaround for this, short of modifying the `http.Transport` source code itself?

Thank you,
Gabe Rosenhouse

[0] https://golang.org/src/net/http/transport.go#L1063
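As an added illustration (not code from the post or from the Go project), the following shows the pattern the post asks for, written against the DialTLSContext field as it later shipped in Go 1.14 and the tls.Dialer type from Go 1.15; both are assumptions about the toolchain version, not something the post has. The context keys, WithExpectedPeer, extraValidation, NewPinnedTransport and the self-signed certificate built by newSelfSignedCert are all hypothetical names constructed here. The validation compares the leaf certificate's SPKI fingerprint and DNS name against values carried on the request context, and runs only after tls.Dialer has already done the standard chain verification, so it narrows what is accepted rather than replacing the usual checks.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

// ctxKey is an unexported key type so other packages cannot collide with it.
type ctxKey int

const (
	keyExpectedSPKI    ctxKey = iota // hex SHA-256 of the leaf's SubjectPublicKeyInfo
	keyExpectedDNSName               // DNS name the leaf must be valid for
)

// WithExpectedPeer attaches the per-request expectations to ctx (hypothetical helper).
func WithExpectedPeer(ctx context.Context, spkiHex, dnsName string) context.Context {
	ctx = context.WithValue(ctx, keyExpectedSPKI, spkiHex)
	return context.WithValue(ctx, keyExpectedDNSName, dnsName)
}

// SPKIFingerprint returns hex(SHA-256(SubjectPublicKeyInfo)), the usual pinning value.
func SPKIFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// extraValidation compares the negotiated leaf certificate with the values on ctx.
// A missing expectation is treated as "no constraint"; a present one must match.
func extraValidation(cs tls.ConnectionState, ctx context.Context) error {
	if len(cs.PeerCertificates) == 0 {
		return errors.New("no peer certificate presented")
	}
	leaf := cs.PeerCertificates[0]
	if want, ok := ctx.Value(keyExpectedSPKI).(string); ok && want != "" {
		if got := SPKIFingerprint(leaf); got != want {
			return fmt.Errorf("spki mismatch: got %s want %s", got, want)
		}
	}
	if want, ok := ctx.Value(keyExpectedDNSName).(string); ok && want != "" {
		if err := leaf.VerifyHostname(want); err != nil {
			return fmt.Errorf("dns name mismatch: %w", err)
		}
	}
	return nil
}

// NewPinnedTransport returns a Transport whose TLS dialer runs extraValidation
// before the connection reaches the HTTP layer. Keep-alives are disabled so the
// check really runs per request; a pooled connection would otherwise be reused
// by a later request whose context carries different expectations.
func NewPinnedTransport(cfg *tls.Config) *http.Transport {
	return &http.Transport{
		DisableKeepAlives: true,
		DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			d := &tls.Dialer{Config: cfg}
			conn, err := d.DialContext(ctx, network, addr) // handshake + chain verification
			if err != nil {
				return nil, err
			}
			if err := extraValidation(conn.(*tls.Conn).ConnectionState(), ctx); err != nil {
				conn.Close()
				return nil, err
			}
			return conn, nil
		},
	}
}

// newSelfSignedCert builds a throwaway certificate standing in for a server leaf;
// it is constructed for the demonstration, not captured from a real host.
func newSelfSignedCert(dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := newSelfSignedCert("api.example.test")
	if err != nil {
		panic(err)
	}
	cs := tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
	good := WithExpectedPeer(context.Background(), SPKIFingerprint(cert), "api.example.test")
	bad := WithExpectedPeer(context.Background(), SPKIFingerprint(cert), "other.example.test")
	fmt.Println("matching context:", extraValidation(cs, good))
	fmt.Println("mismatched name:", extraValidation(cs, bad))
	_ = NewPinnedTransport(&tls.Config{})
}
```

The check is attached to the dial, so it only observes connections the Transport actually opens; that is why the example turns keep-alives off. If connection reuse is needed, the expectations have to be keyed by destination rather than by request, or the check has to be repeated on the reused connection before each request is sent.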