Add cafile support to the go-nethttp stub #231
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Pinging @aleksiklasila, @oherrala and @ikisusi to ponder the mystery. |
|
@joneskoo graciously opened issue golang/go#16834 about the weird error message. |
|
golang/go#16836 is related, too. |
jviide
force-pushed
the
golang-cafile-support
branch
from
78d9ff8
to
c75cb87
Compare
|
Rebased on top of master after #260. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
stubs/go-nethttp/run.godidn't implement custom CA bundle support. This pull request does add the support, but gets somewhat weird results for badtls.io tests:$ go version go version go1.7 darwin/amd64 $ trytls https go run stubs/go-nethttp/run.go platform: OS X 10.11.6 runner: trytls 0.3.2 (CPython 2.7.12, OpenSSL 0.9.8zh) stub: go run stubs/go-nethttp/run.go ... FAIL valid certificate Common Name [accept domain-match.badtls.io:10000] output: Get https://domain-match.badtls.io:10000: x509: certificate is valid for , not domain-match.badtls.io FAIL valid wildcard certificate Common Name [accept wildcard-match.badtls.io:10001] output: Get https://wildcard-match.badtls.io:10001: x509: certificate is valid for , not wildcard-match.badtls.io PASS support for Subject Alternative Name (SAN) [accept san-match.badtls.io:10002] FAIL TLS handshake with 1024 bit Diffie-Hellman (DH) [accept dh1024.badtls.io:10005] output: Get https://dh1024.badtls.io:10005: x509: certificate is valid for , not dh1024.badtls.io PASS certificate expired in year 1963 [reject expired-1963.badtls.io:11000] output: Get https://expired-1963.badtls.io:11000: x509: certificate has expired or is not yet valid PASS certificate validity starts in future [reject future.badtls.io:11001] output: Get https://future.badtls.io:11001: x509: certificate has expired or is not yet valid ...Note the output for the failing tests. Here's the one for
[accept domain-match.badtls.io:10000]:For comparison here's corresponding output for
[reject san-mismatch.badtls.io:11003]test (which is a PASS):Does someone happen to have any insight whether the problem lies in the
run.gocode or somewhere else?