cmd/pprof: add options to skip tls verification

Don't verify tls host when profiling https+insecure://host/port/...,
as per discussion in https://go-review.googlesource.com/#/c/20885/.

Fixes: #11468
Change-Id: Ibfc236e5442a00339334602a4014e017c62d9e7a
Reviewed-on: https://go-review.googlesource.com/33157
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

diff --git a/src/cmd/pprof/internal/fetch/fetch.go b/src/cmd/pprof/internal/fetch/fetch.go
index 2e2de575f8c1cedf5af677f50e65367d27216fd9..d3ccb65473b3386d6b2481feec1394a3766611d3 100644 (file)
--- a/src/cmd/pprof/internal/fetch/fetch.go
+++ b/src/cmd/pprof/internal/fetch/fetch.go
@@ -7,6 +7,7 @@
 package fetch
 
 import (
+       "crypto/tls"
        "fmt"
        "io"
        "io/ioutil"
@@ -72,11 +73,26 @@ func PostURL(source, post string) ([]byte, error) {
 
 // httpGet is a wrapper around http.Get; it is defined as a variable
 // so it can be redefined during for testing.
-var httpGet = func(url string, timeout time.Duration) (*http.Response, error) {
+var httpGet = func(source string, timeout time.Duration) (*http.Response, error) {
+       url, err := url.Parse(source)
+       if err != nil {
+               return nil, err
+       }
+
+       var tlsConfig *tls.Config
+       if url.Scheme == "https+insecure" {
+               tlsConfig = &tls.Config{
+                       InsecureSkipVerify: true,
+               }
+               url.Scheme = "https"
+               source = url.String()
+       }
+
        client := &http.Client{
                Transport: &http.Transport{
                        ResponseHeaderTimeout: timeout + 5*time.Second,
+                       TLSClientConfig:       tlsConfig,
                },
        }
-       return client.Get(url)
+       return client.Get(source)
 }