if !c.handshakeComplete {
return errors.New("tls: handshake has not yet been performed")
}
+ if len(c.verifiedChains) == 0 {
+ return errors.New("tls: handshake did not verify certificate chain")
+ }
return c.peerCertificates[0].VerifyHostname(host)
}
import (
"bytes"
"fmt"
+ "internal/testenv"
"io"
"net"
"strings"
t.Error("client and server channel bindings differ when session resumption is used")
}
}
+
+func TestVerifyHostname(t *testing.T) {
+ testenv.MustHaveExternalNetwork(t)
+
+ c, err := Dial("tcp", "www.google.com:https", nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err := c.VerifyHostname("www.google.com"); err != nil {
+ t.Fatalf("verify www.google.com: %v", err)
+ }
+ if err := c.VerifyHostname("www.yahoo.com"); err == nil {
+ t.Fatalf("verify www.yahoo.com succeeded")
+ }
+
+ c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true})
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err := c.VerifyHostname("www.google.com"); err == nil {
+ t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true")
+ }
+ if err := c.VerifyHostname("www.yahoo.com"); err == nil {
+ t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true")
+ }
+}