Disable TLS certificate validation when communicating with log

See the source code comments for an explanation of why this is both
necessary and not insecure.
Andrew Ayer 2017-10-18 21:34:51 -07:00
parent 1a6ed13fd6
commit 7283e51420
1 changed files with 11 additions and 0 deletions


@ -6,6 +6,7 @@ package client
import ( import (
"bytes" "bytes"
"crypto/sha256" "crypto/sha256"
"crypto/tls"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
@ -94,6 +95,16 @@ func New(uri string) *LogClient {
ResponseHeaderTimeout: 30 * time.Second, ResponseHeaderTimeout: 30 * time.Second,
MaxIdleConnsPerHost: 10, MaxIdleConnsPerHost: 10,
DisableKeepAlives: false, DisableKeepAlives: false,
TLSClientConfig: &tls.Config{
// We have to disable TLS certificate validation because because several logs
// (WoSign, StartCom, GDCA) use certificates that are not widely trusted.
// Since we verify that every response we receive from the log is signed
// by the log's CT public key (either directly, or indirectly via the Merkle Tree),
// TLS certificate validation is not actually necessary. (We don't want to ship
// our own trust store because that adds undesired complexity and would require
// updating should a log ever change to a different CA.)
InsecureSkipVerify: true,
},
} }
c.httpClient = &http.Client{Transport: transport} c.httpClient = &http.Client{Transport: transport}
return &c return &c
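Review bot: `InsecureSkipVerify: true` in the new `TLSClientConfig` literal turns off server authentication for every log this client contacts, not only the three named in the comment, and the safety argument holds only if every response path verifies a log signature or Merkle proof, which this hunk does not show. Signature checks protect the authenticity of signed data but not the transport, so an on-path party can still observe requests and withhold or replay older, validly signed responses. The comment should state that residual risk, for example `// NOTE: this gives up server authentication; unsigned responses (e.g. error bodies) and response freshness are not protected by the CT signature checks.`, and the doubled word in `because because` should be fixed. If validation stays disabled, consider making it a per-log opt-in rather than the default and adding `MinVersion: tls.VersionTLS12` to the same literal. The body of `New` starts before this hunk and its closing brace falls after it, so the rest of the function was not reviewed.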