From 2f497263e4ff6121a1ba80e7a57e950061896626 Mon Sep 17 00:00:00 2001 From: Patrick Lee Date: Fri, 11 Nov 2016 19:24:07 -0800 Subject: [PATCH] cmd/pprof: add options to skip tls verification Don't verify tls host when profiling https+insecure://host/port/..., as per discussion in https://go-review.googlesource.com/#/c/20885/. Fixes: #11468 Change-Id: Ibfc236e5442a00339334602a4014e017c62d9e7a Reviewed-on: https://go-review.googlesource.com/33157 Reviewed-by: Brad Fitzpatrick Run-TryBot: Brad Fitzpatrick TryBot-Result: Gobot Gobot --- src/cmd/pprof/internal/fetch/fetch.go | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/cmd/pprof/internal/fetch/fetch.go b/src/cmd/pprof/internal/fetch/fetch.go index 2e2de575f8..d3ccb65473 100644 --- a/src/cmd/pprof/internal/fetch/fetch.go +++ b/src/cmd/pprof/internal/fetch/fetch.go @@ -7,6 +7,7 @@ package fetch import ( + "crypto/tls" "fmt" "io" "io/ioutil" @@ -72,11 +73,26 @@ func PostURL(source, post string) ([]byte, error) { // httpGet is a wrapper around http.Get; it is defined as a variable // so it can be redefined during for testing. -var httpGet = func(url string, timeout time.Duration) (*http.Response, error) { +var httpGet = func(source string, timeout time.Duration) (*http.Response, error) { + url, err := url.Parse(source) + if err != nil { + return nil, err + } + + var tlsConfig *tls.Config + if url.Scheme == "https+insecure" { + tlsConfig = &tls.Config{ + InsecureSkipVerify: true, + } + url.Scheme = "https" + source = url.String() + } + client := &http.Client{ Transport: &http.Transport{ ResponseHeaderTimeout: timeout + 5*time.Second, + TLSClientConfig: tlsConfig, }, } - return client.Get(url) + return client.Get(source) } -- 2.48.1