Closed lthibault closed 6 years ago
InsecureSkipVerify is an option for the client side. This error occurs on the server side. One way to handle this is to do what the standard library does (it uses the certificate if there’s only one certificate chain), but iirc @bifurcation recently made the argument that such a fallback can have some ugly security implications.
Okay, appending "localhost"
to x509.Certificate.DNSNames
seems to fix the issue.
Thanks.
Hello, I'm trying to use quic-go, which uses mint internally.
I've set
MINT_LOG="*"
and attempted a connection using the runnable example provided here.Here is the log output I get:
Of particular interest, the line that reads:
[handshake] [ServerStateStart] No appropriate certificate found [No certificates available for server name: localhost]
.I find this quite surprising since
InsecureSkipVerify
is set totrue
, which in my mind means no such checks are performed. Please note that this has been done to facilitate development, and does not represent a production setting.My questions are as follows
Many thanks in advance!