Depending on what you're trying to do, this might get you further:

https://github.com/golang/go/blob/46f4bfb2d17a3ccb4b3207d086a90cac3c00ea2f/src/crypto/tls/common.go#L417
https://github.com/golang/go/issues/16363

On Thursday, August 17, 2017 at 3:33:14 PM UTC-7, Gabriel Rosenhouse wrote:
> Hello,
>
> We're trying to configure an http.Transport such that the client does extra
> validation of the server-provided certificate before sending any data. We
> want this client to compare server-provided certificate fields against
> values present on the request Context. In essence, we'd like to be able to
> write:
>
>     tr := http.Transport{
>         DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
>             conn, err := tls.Dial(network, addr, myConfig)
>             if err != nil {
>                 return nil, err
>             }
>             connState := conn.ConnectionState()
>             ok := extraValidation(connState, ctx)
>             if !ok {
>                 conn.Close()
>                 return nil, errors.New("extra validation failed")
>             }
>             return conn, nil
>         },
>     }
>
> But DialTLSContext doesn't exist today. We see Transport.DialContext(),
> but if you try to tls.Dial() inside there while leaving DialTLS nil, the
> http.Transport won't know that the conn is already TLS, and it will attempt
> to TLS handshake again [0].
>
> Could anyone suggest a workaround for this, short of modifying the
> `http.Transport` source code itself?
>
> Thank you,
>
> Gabe Rosenhouse
>
> [0] https://golang.org/src/net/http/transport.go#L1063
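
An added example, not code from the thread or from the Go project: assuming the links in the reply refer to the `VerifyPeerCertificate` hook on `tls.Config`, this shows the extra check running inside the single handshake that `http.Transport` performs, so no application data is sent if it fails. The names `requireOrg`, `newTransport` and `constructedChain`, and the choice of the Subject Organization as the compared field, are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
)

// requireOrg (hypothetical name) returns a VerifyPeerCertificate hook that fails
// the handshake unless the verified leaf lists want as a Subject Organization.
// It reads verifiedChains, which is nil when InsecureSkipVerify is set: fail closed.
func requireOrg(want string) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		if len(chains) == 0 || len(chains[0]) == 0 {
			return fmt.Errorf("extra validation: no verified chain")
		}
		leaf := chains[0][0]
		for _, org := range leaf.Subject.Organization {
			if org == want {
				return nil
			}
		}
		return fmt.Errorf("extra validation: %q not in %q", want, leaf.Subject.Organization)
	}
}

// newTransport (hypothetical name) leaves the handshake to http.Transport, so
// there is no second handshake, and hooks the check into it. The expected value
// is bound per Transport; it is not read from a request Context.
func newTransport(base *tls.Config, wantOrg string) *http.Transport {
	cfg := base.Clone() // do not mutate the caller's config
	cfg.VerifyPeerCertificate = requireOrg(wantOrg)
	return &http.Transport{TLSClientConfig: cfg}
}

// constructedChain builds sample input: one verified chain whose leaf has org.
func constructedChain(org string) [][]*x509.Certificate {
	leaf := &x509.Certificate{Subject: pkix.Name{Organization: []string{org}}}
	return [][]*x509.Certificate{{leaf}}
}

func main() {
	check := newTransport(&tls.Config{}, "Example Corp").TLSClientConfig.VerifyPeerCertificate
	fmt.Println("matching org:", check(nil, constructedChain("Example Corp")))
	fmt.Println("other org:   ", check(nil, constructedChain("Other Org")))
	fmt.Println("no chain:    ", check(nil, nil))
}
```

`crypto/tls` does not invoke `VerifyPeerCertificate` on resumed sessions, so a client that sets `ClientSessionCache` skips this check on resumption; Go 1.15 and later add `VerifyConnection`, which runs on every connection.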