Hello, I've found a behavior change in go1.9.x and I'm not sure if this can 
be considered a bug or not.

I prepared a small POC to explain this:
https://gitlab.com/nolith-tests/go-lang-tls-connection-state/blob/master/main.go


func dumpConnectionState(url string) {
fmt.Println("URL", url, "with", runtime.Version())
r, err := http.Head(url)
if err != nil {
panic(err)
}

fmt.Println("VerifiedChains len", len(r.TLS.VerifiedChains))
for i, verifiedChain := range r.TLS.VerifiedChains {
fmt.Println("Chain #", i)
for j, certificate := range verifiedChain {
signature := hex.EncodeToString(certificate.Signature)
fmt.Println("[", j, "] =>", certificate.Subject.CommonName, signature)
}
}
}


This function will perform HTTPS HEAD request and then dump  the 
VerifiedChains,
in a vanilla Linux environment, this program behaves exactly the same if 
compiled with go1.8.7 or go1.9.4

But when the leaf certificate is added to /etc/ssl/certs/ go1.8 will still 
dump the whole chain,
but go1.9 will print only the leaf certificate skipping the rest of the 
chain.

Diff of the outputs: 
https://gitlab.com/nolith-tests/go-lang-tls-connection-state/-/jobs/60324091


Can this be considered a bug? There is some workaround I can use to get 
go1.8 behavior on go1.9?


Thank you,
Alessio

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to