mirror of https://github.com/golang/go.git
crypto/tls has two functions for creating a client connection: Dial, which most users are expected to use, and Client, which is the lower-level API.

Dial does what you expect: it gives you a secure connection to the host that you specify and the majority of users of crypto/tls appear to work fine with it.

Client gives more control but needs more care. Specifically, if it wasn't given a server name in the tls.Config then it didn't check that the server's certificates match any hostname - because it doesn't have one to check against. It was assumed that users of the low-level API call VerifyHostname on the certificate themselves if they didn't supply a hostname.

A review of the uses of Client both within Google and in a couple of external libraries has shown that nearly all of them got this wrong.

Thus, this change enforces that either a ServerName or InsecureSkipVerify is given. This does not affect tls.Dial.

See discussion at https://groups.google.com/d/msg/golang-nuts/4vnt7NdLvVU/b1SJ4u0ikb0J.

Fixes #7342.

LGTM=bradfitz
R=golang-codereviews, bradfitz
CC=golang-codereviews
https://golang.org/cl/67010043

| | | |
|---|---|---|
| .. | ||
| articles | ||
| codewalk | ||
| devel | ||
| gopher | ||
| play | ||
| progs | ||
| Makefile | ||
| asm.html | ||
| cmd.html | ||
| code.html | ||
| contrib.html | ||
| contribute.html | ||
| debugging_with_gdb.html | ||
| docs.html | ||
| effective_go.html | ||
| gccgo_contribute.html | ||
| gccgo_install.html | ||
| go-logo-black.png | ||
| go-logo-blue.png | ||
| go-logo-white.png | ||
| go1.1.html | ||
| go1.2.html | ||
| go1.3.txt | ||
| go1.html | ||
| go1compat.html | ||
| go_faq.html | ||
| go_mem.html | ||
| go_spec.html | ||
| help.html | ||
| ie.css | ||
| install-source.html | ||
| install.html | ||
| logo-153x55.png | ||
| root.html | ||
| share.png | ||
| sieve.gif | ||
| tos.html | ||
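
The enforcement described in the commit message at the top of this page, as an added example that is not part of the Go commit or repository: tls.Client is run against a local test server with no ServerName, a non-matching ServerName, and the matching one. Assumptions: the server uses net/http/httptest's built-in test certificate (valid for example.com), `other.test` is a constructed name, and `handshake` and `run` are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// handshake layers TLS over a plain TCP connection using the low-level
// tls.Client API and reports how the handshake ended.
func handshake(addr string, cfg *tls.Config) string {
	raw, err := net.Dial("tcp", addr)
	if err != nil {
		return "dial failed: " + err.Error()
	}
	defer raw.Close()
	err = tls.Client(raw, cfg).Handshake()
	var mismatch x509.HostnameError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &mismatch):
		return "hostname mismatch"
	case strings.Contains(err.Error(), "ServerName or InsecureSkipVerify"):
		return "rejected: no ServerName"
	}
	return "other: " + err.Error()
}

// run tries three client configs against a local test server whose built-in
// httptest certificate is valid for example.com (plus 127.0.0.1 and ::1).
func run() (noName, wrongName, rightName string) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only the test server's certificate
	addr := srv.Listener.Addr().String()
	noName = handshake(addr, &tls.Config{RootCAs: roots})
	wrongName = handshake(addr, &tls.Config{RootCAs: roots, ServerName: "other.test"})
	rightName = handshake(addr, &tls.Config{RootCAs: roots, ServerName: "example.com"})
	return
}

func main() { fmt.Println(run()) }
```

The empty-ServerName case fails on the client before any certificate is examined, which is the check this change introduced; the test server may log handshake errors to stderr for the two failing cases.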