Open bharatkrishna opened 8 years ago
You need to either install the CA authority certificate in your local client bundle, or implement a new option for goquic that ignores broken certificates. But honestly, there is no reason to generate broken CA certificates now that let's encrypt provides free HTTPS certs to the planet.
@bharatkrishna if that works for you go ahead and close this issue for the devs, thanks!
what about local testing? so i have to spin this up on a public domain and use letsencrypt to even run the server and client out of the gate?
@vyrus001 You can always add a self-signed CA to the system for doing the testing. Or you can add InsecureSkipVerify
option to the tls.Config
.
For local testing, you can generate a self-signed certificate/key pair and add to your OS's certificate store. Detail instructions are here.
You can use chrome's --host-resolver-rules option, or /etc/hosts trick, to use fake domain.
Ahh, i missed the part where the client checks the OS's cert store, thanks!
I created certificate and key files for quic_client & quic_server project from Chromius.( by using generate_certs.sh, CA root certificate was added into OS's root certificate store ). This pair was used succesfully. But I can't use they with goquic project because already have Verify failedx509: certificate signed by unknown authority. Where is my mistake? Thanks
Hi, how can I add a InsecureSkipVerify option to the tls.Config. Would you please give me more details, Thanks!
I have the same problem
I generated self-signed cert using openssl as given in this doc.
I use this to start the server:
./server -cert=server.crt -key=server.key
When I run the client I get an error:
How do I make the client request work?