ooni / probe-engine

Semi-automatic export of https://github.com/ooni/probe-cli internals
https://ooni.org
GNU General Public License v3.0
45 stars 16 forks source link

Custom TLS verification for QUIC #1196

Closed kelmenhorst closed 3 years ago

kelmenhorst commented 3 years ago

This PR adds a dialer for QUIC that verifies the peer's TLS certificate in hindsight, even if NoTLSVerify is set. This enables us to change the TLS SNI field without immediately triggering a SSL Invalid Host error.