https://github.com/nathanejohnson/intransport
Go http transport and http client that will communicate with https websites that do not present their intermediate certificates, provided it can complete the chain. Also validates stapled OCSP responses, and supports OCSP must staple
golang http http-client must-staple ocsp ocsp-staple
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/nathanejohnson/intransport
- Owner: nathanejohnson
- License: mit
- Created: 2018-03-02T01:31:26.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2022-08-30T18:56:44.000Z (over 2 years ago)
- Last Synced: 2024-06-21T19:51:17.536Z (7 months ago)
- Topics: golang, http, http-client, must-staple, ocsp, ocsp-staple
- Language: Go
- Homepage:
- Size: 65.4 KB
- Stars: 7
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![GoDoc](https://pkg.go.dev/static/frontend/badge/badge.svg)](https://godoc.org/github.com/nathanejohnson/intransport/v2)
[![Go Report Card](https://goreportcard.com/badge/github.com/nathanejohnson/intransport)](https://goreportcard.com/report/github.com/nathanejohnson/intransport)
[![Build Status](https://github.com//nathanejohnson/intransport/actions/workflows/build.yml/badge.svg)](https://github.com//nathanejohnson/intransport/actions/workflows/build.yml)

Package intransport implements the http RoundTripper interface. It can be used with, for example, http.Client and httputil.ReverseProxy. The package is meant to allow secure communication with remote hosts that may not fully specify their intermediate certificates in the TLS handshake. Most browsers support communication with these hosts by using the issuing certificate URL from the Authority Information Access extension of the certificate to fetch any missing intermediates. Each intermediate is fetched in turn until the chain is completed back to a trusted root, or until all avenues have been exhausted, in which case the browser displays an error. Go's default transport does not fetch intermediates and will fail on misconfigured hosts. This package emulates the browser behavior: it tries to complete the chain to a trusted root by fetching any missing intermediates.
Additionally, this will validate any stapled OCSP responses, and in the case where the certificate was created with the Must Staple extension set, it will fail in the absence of a validated OCSP response.
For most use cases, using it is as simple as:
```go
package main

import (
	"fmt"
	"io/ioutil"
	"os"

	it "github.com/nathanejohnson/intransport/v2"
)

func main() {
	// HTTP client whose transport fetches missing intermediates
	// and validates stapled OCSP responses.
	c := it.NewInTransportHTTPClient(nil)
	resp, err := c.Get("https://something.org")
	if err != nil {
		// Chain could not be completed, OCSP validation failed, or a network error occurred.
		fmt.Println("boo, hiss! ", err)
		os.Exit(1)
	}
	body, err := ioutil.ReadAll(resp.Body)
	_ = resp.Body.Close()
	if err != nil {
		fmt.Println("ba dum, tiss! ", err)
		os.Exit(1)
	}
	fmt.Printf("got response:\n%s", string(body))
}
```

Note: the v2 package supports only Go 1.15 and newer because it uses the `VerifyConnection` hook in `tls.Config`.
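
The Must Staple rule described above can be illustrated with the standard library alone. This is an added example, not code from the intransport package: `requireStaple`, `verifyConn` and `sampleState` are hypothetical names, the certificate is a constructed struct rather than a parsed one, and only the presence of a staple is checked (validating the OCSP response itself is out of scope here).

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24} // id-pe-tlsfeature (RFC 7633)

// requireStaple fails closed when leaf is Must-Staple and nothing was stapled.
func requireStaple(leaf *x509.Certificate, staple []byte) error {
	for _, ext := range leaf.Extensions {
		if !ext.Id.Equal(oidTLSFeature) {
			continue
		}
		var features []int
		if rest, err := asn1.Unmarshal(ext.Value, &features); err != nil || len(rest) != 0 {
			return errors.New("malformed TLS Feature extension")
		}
		for _, f := range features {
			if f == 5 && len(staple) == 0 { // 5 = status_request (Must-Staple)
				return errors.New("must-staple certificate without a stapled OCSP response")
			}
		}
	}
	return nil // a staple that is present still needs signature and status validation
}

// verifyConn is a tls.Config.VerifyConnection hook that applies the policy to the leaf.
func verifyConn(cs tls.ConnectionState) error {
	if len(cs.PeerCertificates) == 0 {
		return errors.New("no peer certificate")
	}
	return requireStaple(cs.PeerCertificates[0], cs.OCSPResponse)
}

// sampleState is constructed input: a bare leaf carrying only the TLS Feature extension.
func sampleState(features []int, staple []byte) tls.ConnectionState {
	val, _ := asn1.Marshal(features)
	leaf := &x509.Certificate{Extensions: []pkix.Extension{{Id: oidTLSFeature, Value: val}}}
	return tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}, OCSPResponse: staple}
}

func main() {
	fmt.Println(verifyConn(sampleState([]int{5}, nil)))
}
```

In a real client the hook would be installed as `VerifyConnection: verifyConn` on the `tls.Config` used by the transport.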