Harden contract validation, STARTTLS edge cases, and rule output

This commit is contained in:
nemunaire 2026-04-26 16:39:22 +07:00
commit fa212f0fae
9 changed files with 104 additions and 39 deletions


@ -172,7 +172,7 @@ func probe(ctx context.Context, ep contract.TLSEndpoint, timeout time.Duration)
func handshake(conn net.Conn, ep contract.TLSEndpoint, sni string) (*tls.Conn, error) {
cfg := &tls.Config{
ServerName: sni,
InsecureSkipVerify: true,
InsecureSkipVerify: true, // #nosec G402 -- intentional: chain verified separately in probe()
}
if ep.STARTTLS == "" {
@ -198,7 +198,7 @@ func handshake(conn net.Conn, ep contract.TLSEndpoint, sni string) (*tls.Conn, e
}
var (
errStartTLSNotOffered = errors.New("starttls not advertised by server")
errStartTLSNotOffered = errors.New("starttls not advertised by server")
errUnsupportedStartTLSProto = errors.New("unsupported starttls protocol")
)