From e531370dc97510096225332ca1583b0f38fe8bcf Mon Sep 17 00:00:00 2001
From: Mickael Remond
Date: Wed, 31 Jul 2019 11:43:54 +0200
Subject: [PATCH] An invalid certificate is a permanent error if we do not skip cert check

---
 _examples/go.sum | 1 +
 session.go | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/_examples/go.sum b/_examples/go.sum
index 6b1e299..be0c5ab 100644
--- a/_examples/go.sum
+++ b/_examples/go.sum
@@ -2,4 +2,5 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/processone/mpg123 v1.0.0/go.mod h1:X/FeL+h8vD1bYsG9tIWV3M2c4qNTZOficyvPVBP08go=
 github.com/processone/soundcloud v1.0.0/go.mod h1:kDLeWpkRtN3C8kIReQdxoiRi92P9xR6yW6qLOJnNWfY=
 golang.org/x/net v0.0.0-20190110200230-915654e7eabc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522 h1:bhOzK9QyoD0ogCnFro1m2mz41+Ib0oOhfJnBp5MR4K4=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/session.go b/session.go
index 6fa7c32..1092569 100644
--- a/session.go
+++ b/session.go
@@ -37,6 +37,10 @@ func NewSession(conn net.Conn, o Config) (net.Conn, *Session, error) {
 var tlsConn net.Conn
 tlsConn = s.startTlsIfSupported(conn, o.parsedJid.Domain, o)

+ if s.err != nil {
+ return nil, nil, NewConnError(s.err, true)
+ }
+
 if !s.TlsEnabled && !o.Insecure {
 err := fmt.Errorf("failed to negotiate TLS session : %s", s.err)
 return nil, nil, NewConnError(err, true)
@@ -131,7 +135,6 @@ func (s *Session) startTlsIfSupported(conn net.Conn, domain string, o Config) ne
 }

 if !o.TLSConfig.InsecureSkipVerify {
- // We check that cert matches hostname
 s.err = tlsConn.VerifyHostname(domain)
 }
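Review bot: With the new `if s.err != nil` early return in the NewSession hunk, `s.err` is always nil when the following `!s.TlsEnabled && !o.Insecure` branch runs, so its message will render as `failed to negotiate TLS session : %!s(<nil>)`; that line could become `err := fmt.Errorf("failed to negotiate TLS session")`. The early return also marks every `s.err` as permanent, not only the `VerifyHostname` failure named in the commit title. If startTlsIfSupported can also set `s.err` for a transient handshake or I/O failure (most of its body is outside this patch), that failure would be reported as non-retryable, so it may be worth wrapping the hostname-verification error with its own message and deciding permanence on that. A short comment above the new check, such as `// Any error from STARTTLS, including a certificate/hostname mismatch, aborts the session`, would keep the intent that the removed comment in the second hunk used to carry. NewSession starts and ends outside the hunk, so whether `conn` is closed on this return path cannot be confirmed from here.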