An invalid certificate is a permanent error if we do not skip cert check
This commit is contained in:
parent
4e185f4bb6
commit
e531370dc9
|
@ -2,4 +2,5 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
|
||||||
github.com/processone/mpg123 v1.0.0/go.mod h1:X/FeL+h8vD1bYsG9tIWV3M2c4qNTZOficyvPVBP08go=
|
github.com/processone/mpg123 v1.0.0/go.mod h1:X/FeL+h8vD1bYsG9tIWV3M2c4qNTZOficyvPVBP08go=
|
||||||
github.com/processone/soundcloud v1.0.0/go.mod h1:kDLeWpkRtN3C8kIReQdxoiRi92P9xR6yW6qLOJnNWfY=
|
github.com/processone/soundcloud v1.0.0/go.mod h1:kDLeWpkRtN3C8kIReQdxoiRi92P9xR6yW6qLOJnNWfY=
|
||||||
golang.org/x/net v0.0.0-20190110200230-915654e7eabc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/net v0.0.0-20190110200230-915654e7eabc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522 h1:bhOzK9QyoD0ogCnFro1m2mz41+Ib0oOhfJnBp5MR4K4=
|
||||||
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
|
|
@ -37,6 +37,10 @@ func NewSession(conn net.Conn, o Config) (net.Conn, *Session, error) {
|
||||||
var tlsConn net.Conn
|
var tlsConn net.Conn
|
||||||
tlsConn = s.startTlsIfSupported(conn, o.parsedJid.Domain, o)
|
tlsConn = s.startTlsIfSupported(conn, o.parsedJid.Domain, o)
|
||||||
|
|
||||||
|
if s.err != nil {
|
||||||
|
return nil, nil, NewConnError(s.err, true)
|
||||||
|
}
|
||||||
|
|
||||||
if !s.TlsEnabled && !o.Insecure {
|
if !s.TlsEnabled && !o.Insecure {
|
||||||
err := fmt.Errorf("failed to negotiate TLS session : %s", s.err)
|
err := fmt.Errorf("failed to negotiate TLS session : %s", s.err)
|
||||||
return nil, nil, NewConnError(err, true)
|
return nil, nil, NewConnError(err, true)
|
||||||
|
@ -131,7 +135,6 @@ func (s *Session) startTlsIfSupported(conn net.Conn, domain string, o Config) ne
|
||||||
}
|
}
|
||||||
|
|
||||||
if !o.TLSConfig.InsecureSkipVerify {
|
if !o.TLSConfig.InsecureSkipVerify {
|
||||||
// We check that cert matches hostname
|
|
||||||
s.err = tlsConn.VerifyHostname(domain)
|
s.err = tlsConn.VerifyHostname(domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue