gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

don't force clients to use tls.Config.InsecureSkipVerify when using mint

Browse Source 
mint recently implemented certificate verification.
This reverts commit d76f5a839c.
This commit is contained in:
Marten Seemann
2018-02-01 10:59:53 +08:00
parent 1cc209e4fb
commit d671cf134c
4 changed files with 7 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
mint_utils.go
View File

@@ -16,8 +16,6 @@ import (
"github.com/lucas-clemente/quic-go/internal/wire"
)
var errMintIsInsecure = errors.New("mint currently DOES NOT support certificate verification (see https://github.com/bifurcation/mint/issues/161 for details). Set InsecureSkipVerify to acknowledge that no certificate verification will be performed, and the connection will be vulnerable to man-in-the-middle attacks")
type mintController struct {
csc *handshake.CryptoStreamConn
conn *mint.Conn
@@ -75,9 +73,6 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
},
}
if tlsConf != nil {
if pers == protocol.PerspectiveClient && !tlsConf.InsecureSkipVerify {
return nil, errMintIsInsecure
}
mconf.ServerName = tlsConf.ServerName
mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
for i, certChain := range tlsConf.Certificates {