force clients to set tls.Config.InsecureSkipVerify when using mint

mint doesn't verify the certificate chain. This change forces users of quic-go to acknowledge mint's insecure behavior by explicitely setting InsecureSkipVerify.
2018-01-26 17:30:07 +11:00
parent db0a3d105e
commit d76f5a839c
4 changed files with 32 additions and 7 deletions
--- a/mint_utils.go
+++ b/mint_utils.go
@@ -16,6 +16,8 @@ import (
 	"github.com/lucas-clemente/quic-go/internal/wire"
 )

+var errMintIsInsecure = errors.New("mint currently DOES NOT support certificate verification (see https://github.com/bifurcation/mint/issues/161 for details). Set InsecureSkipVerify to acknowledge that no certificate verification will be performed, and the connection will be vulnerable to man-in-the-middle attacks")
+
 type mintController struct {
 	csc  *handshake.CryptoStreamConn
 	conn *mint.Conn
@@ -77,6 +79,9 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
 		},
 	}
 	if tlsConf != nil {
+		if pers == protocol.PerspectiveClient && !tlsConf.InsecureSkipVerify {
+			return nil, errMintIsInsecure
+		}
 		mconf.ServerName = tlsConf.ServerName
 		mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
 		for i, certChain := range tlsConf.Certificates {