On Tue, 2 Apr 2019 08:38:54 -0700 (PDT) Daniel Cormier <daniel.corm...@gmail.com> wrote:
> Since this conversation didn't go anywhere, I opened an issue > <https://github.com/golang/go/issues/31054>. +golang-nuts >> Is there a reason the cert used by httptest.StartTLSServer(...) This is a key **pair** that is available to the general public. Ie. its private part is known to all. Making it match on localhost or loopback interface would be a huge security hole for millions of developers who would add it to the trusted certs store then their machines would be susceptible to a wide class of threats via localhost MITM. Please follow https://letsencrypt.org/docs/certificates-for-localhost/ and make a cert for yourself. Note the https://github.com/jsha/minica link down the page. Hope this helps, -- Wojciech S. Czarnecki << ^oo^ >> OHIR-RIPE -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
