You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, there is no public interface to supply TLSConfig to the srv *Server argument of dialTLS. There is only one caller of dialTLS: DialTLSExt which constructs a Server without TLSConfig just prior to calling dialTLS.
So in dialTLSsrv.TLSConfig is always nil in the following:
Therefore InsecureSkipVerify will always be true in the TLSConfig used by the client. It's an understandable default since ServerName must be part of the config if InsecureSkipVerify is false, according to: https://pkg.go.dev/crypto/tls#Client. Just there isn't a way to get to the other branch of that if. All the customization from supplying a TLSConfig such as using a different cert bundle than the system level certs are also not accessible.
Perhaps another DialTLS variant could be added to supply the TLSConfig? I expect the existing interfaces probably shouldn't change as there are likely many uses of them.
The text was updated successfully, but these errors were encountered:
Currently, there is no public interface to supply
TLSConfigto thesrv *Serverargument ofdialTLS. There is only one caller ofdialTLS:DialTLSExtwhich constructs aServerwithoutTLSConfigjust prior to callingdialTLS.So in
dialTLSsrv.TLSConfigis alwaysnilin the following:go-diameter/diam/client.go
Lines 135 to 139 in f6f1377
Therefore
InsecureSkipVerifywill always be true in the TLSConfig used by the client. It's an understandable default sinceServerNamemust be part of the config ifInsecureSkipVerifyis false, according to: https://pkg.go.dev/crypto/tls#Client. Just there isn't a way to get to the other branch of that if. All the customization from supplying a TLSConfig such as using a different cert bundle than the system level certs are also not accessible.Perhaps another
DialTLSvariant could be added to supply theTLSConfig? I expect the existing interfaces probably shouldn't change as there are likely many uses of them.The text was updated successfully, but these errors were encountered: