in transport/tls.go [134:200]
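// tlsDialWith dials address on network using dialer, wraps the resulting
// socket in a TLS client connection built from tlsConfig and runs the TLS
// handshake, reporting progress to the diagnostics driver d.
//
// When timeout is positive it is applied as a connection deadline that covers
// the handshake and is cleared again once the handshake has succeeded. config
// may be nil; in that case the zero-value verification mode is used for the
// diagnostic message and config is passed on as nil to
// postVerifyTLSConnection.
//
// On every failure after the socket has been established the connection is
// closed before the error is returned, so the caller never has to clean up a
// half-initialised connection.
func tlsDialWith(
	ctx context.Context,
	d testing.Driver,
	dialer Dialer,
	network, address string,
	timeout time.Duration,
	tlsConfig *tls.Config,
	config *tlscommon.TLSConfig,
) (net.Conn, error) {
	socket, err := dialer.DialContext(ctx, network, address)
	if err != nil {
		return nil, err
	}

	conn := tls.Client(socket, tlsConfig)

	withTimeout := timeout > 0
	if withTimeout {
		if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
			d.Fatal("timeout", err)
			_ = conn.Close()
			return nil, err
		}
	}

	// config might be nil, so get the zero-value and then read what is in config.
	// We assume that the zero-value is the default value.
	var verification tlscommon.TLSVerificationMode
	if config != nil {
		verification = config.Verification
	}

	// We only check the status of config.Verification (`ssl.verification_mode`
	// in the configuration file) because we have a custom verification logic
	// implemented by setting tlsConfig.VerifyConnection that runs regardless of
	// the status of tlsConfig.InsecureSkipVerify.
	// For verification modes VerifyFull and VerifyCertificate we set
	// tlsConfig.InsecureSkipVerify to true, hence it's not an indicator of
	// whether TLS verification is enabled or not.
	if verification == tlscommon.VerifyNone {
		d.Warn("security", "server's certificate chain verification is disabled")
	} else {
		d.Info("security", "server's certificate chain verification is enabled")
	}

	// NOTE(review): Handshake does not observe ctx; only the deadline set above
	// bounds it, so with timeout <= 0 an unresponsive peer can block here.
	// Consider conn.HandshakeContext(ctx) if callers expect cancellation.
	err = conn.Handshake()
	// The handshake result is reported before the nil check; presumably
	// d.Fatal ignores a nil error — confirm against the Driver implementation.
	d.Fatal("handshake", err)
	if err != nil {
		_ = conn.Close()
		return nil, err
	}

	// Remove the timeout if the handshake was subject to one.
	if withTimeout {
		if err := conn.SetDeadline(time.Time{}); err != nil {
			// Close here as on every other failure path; otherwise the
			// established socket would be leaked to a caller that only
			// receives a nil connection.
			_ = conn.Close()
			return nil, err
		}
	}

	if err := postVerifyTLSConnection(d, conn, config); err != nil {
		_ = conn.Close()
		return nil, err
	}

	return conn, nil
}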