Umm, I don't think you want to set InsecureSkipVerify=true. (I think you need to keep verification on). Otherwise none of the custom verification callbacks will be called at all, if I'm recalling correctly.
TLS and HTTP are pretty separate layers; I use TLS a lot without HTTP, for instance. So it shouldn't be too difficult to customize a web server's response on TLS handshake fail...

On Tuesday, August 5, 2025 at 10:10:10 PM UTC+1 Daniel Lockhart wrote:
> Question regarding crypto/tls. Unfortunately, in the name of supporting
> legacy hardware, I need to change the HTTP 400 status code Go returns on a
> TLS verification failure to something else dynamically, based on the
> certificate.
>
> https://github.com/golang/go/blob/4ee0df8c466861bcd258ec55b58283f276d3b3d5/src/net/http/server.go#L2070
>
> Is the only option I have to set InsecureSkipVerify to true and rewrite
> the verification logic within my own TLSConfig.VerifyConnection?
>
> or is there a better way to do this?