Open bharatkrishna opened 8 years ago
gripedthumbtacks
commented
8 years ago You need to either install the CA authority certificate in your local client bundle, or implement a new option for goquic that ignores broken certificates. But honestly, there is no reason to generate broken CA certificates now that let's encrypt provides free HTTPS certs to the planet.
gripedthumbtacks
commented
8 years ago @bharatkrishna if that works for you go ahead and close this issue for the devs, thanks!
vyrus001
commented
8 years ago what about local testing? so i have to spin this up on a public domain and use letsencrypt to even run the server and client out of the gate?
serialx
commented
8 years ago @vyrus001 You can always add a self-signed CA to the system for doing the testing. Or you can add InsecureSkipVerify option to the tls.Config.
hodduc
commented
8 years ago For local testing, you can generate a self-signed certificate/key pair and add to your OS's certificate store. Detail instructions are here.
You can use chrome's --host-resolver-rules option, or /etc/hosts trick, to use fake domain.
vyrus001
commented
8 years ago Ahh, i missed the part where the client checks the OS's cert store, thanks!
opaul
commented
8 years ago I created certificate and key files for quic_client & quic_server project from Chromius.( by using generate_certs.sh, CA root certificate was added into OS's root certificate store ). This pair was used succesfully. But I can't use they with goquic project because already have Verify failedx509: certificate signed by unknown authority. Where is my mistake? Thanks
daiminglong
commented
7 years ago Hi, how can I add a InsecureSkipVerify option to the tls.Config. Would you please give me more details, Thanks!
y123456yz
commented
7 years ago I have the same problem
I generated self-signed cert using openssl as given in this doc.
I use this to start the server:
./server -cert=server.crt -key=server.keyWhen I run the client I get an error:
How do I make the client request work?