Harden contract validation, STARTTLS edge cases, and rule output

nemunaire 2026-04-26 16:39:22 +07:00
commit fa212f0fae
9 changed files with 104 additions and 39 deletions


@ -68,7 +68,7 @@ func FetchChain(ctx context.Context, host string, port uint16, starttls string,
tlsConn := tls.Client(conn, &tls.Config{
ServerName: host,
InsecureSkipVerify: true,
InsecureSkipVerify: true, // #nosec G402 -- intentional: caller receives the chain even when PKIX rejects it
})
if err := tlsConn.HandshakeContext(dialCtx); err != nil {
return nil, fmt.Errorf("tls handshake: %w", err)