AIA (Authority Information Access) Transport Go provides a pre-configured http.Transport to enable AIA certificate chain resolution for resolving URLs with incomplete certificate chains.

fcjr/aia-transport-go

AIA (Authority Information Access) Transport Go

AIA-Transport-Go provides an http.Transport which uses the AIA (Authority Information Access) X.509 extension to resolve incomplete certificate chains during the TLS handshake. See RFC 3280 for more details.

Installation

go get github.com/fcjr/aia-transport-go

Usage

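package main

import (
    "fmt"
    "log"
    "net/http"

    aia "github.com/fcjr/aia-transport-go"
)

func main() {
    // Build the AIA-aware transport and use it like any other http.Transport.
    tr, err := aia.NewTransport()
    if err != nil {
        log.Fatal(err)
    }
    client := http.Client{Transport: tr}
    res, err := client.Get("https://incomplete-chain.badssl.com/")
    if err != nil {
        log.Fatal(err)
    }
    defer res.Body.Close() // release the connection once the status is printed
    fmt.Println(res.Status)
}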
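
What AIA chain resolution involves, as an added example using only the Go standard library (it is not this project's code): a server presents only its leaf, verification fails, and then succeeds once the issuer named in the leaf's AIA extension is fetched and supplied as an intermediate. The names resolveAIA, mkCert and demo and the ca.example.test URL are hypothetical, the certificates are constructed in memory, and the fetch callback stands in for the HTTP download so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func resolveAIA(leaf *x509.Certificate, fetch func(url string) []byte) *x509.CertPool {
	pool := x509.NewCertPool() // issuers found by walking AIA "CA Issuers" URLs upward (capped at 5 hops)
	for cur, hop := leaf, 0; hop < 5 && len(cur.IssuingCertificateURL) > 0; hop++ {
		issuer, err := x509.ParseCertificate(fetch(cur.IssuingCertificateURL[0])) // DER body assumed
		if err != nil || cur.CheckSignatureFrom(issuer) != nil {
			break // the download is untrusted input: it must parse and must have signed cur
		}
		pool.AddCert(issuer)
		cur = issuer
	}
	return pool
}

func mkCert(cn string, aia []string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed fixture: CA unless aia is set, self-signed if parent is nil
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: aia == nil,
		BasicConstraintsValid: true, IssuingCertificateURL: aia, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, signer = t, priv
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

func demo() (without, with error) {
	root, rootKey := mkCert("Test Root", nil, nil, nil) // constructed chain: root -> intermediate -> leaf
	inter, interKey := mkCert("Test Intermediate", nil, root, rootKey)
	leaf, _ := mkCert("leaf.example.test", []string{"http://ca.example.test/int.cer"}, inter, interKey) // hypothetical AIA URL
	roots := x509.NewCertPool()
	roots.AddCert(root)
	fetch := func(string) []byte { return inter.Raw } // stands in for the HTTP GET of the AIA URL
	_, without = leaf.Verify(x509.VerifyOptions{Roots: roots})
	_, with = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: resolveAIA(leaf, fetch)})
	return
}

func main() { fmt.Println(demo()) }
```

Fetched certificates only ever go into the intermediates pool; trust still comes from the roots passed to Verify, so a hostile AIA response cannot add a trust anchor.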

Todos

  • Follow single incomplete AIA chain
  • Tests
  • CI & Code Coverage
  • Documentation
  • Chain Caching
  • Certificate Caching
  • Follow all possible issuing urls
  • Benchmarks

Caveats

This library relies on x509.SystemCertPool() to gather the initial system root certificates to validate against. This function is not implemented on Windows; however, Windows resolves incomplete certificate chains via AIA automatically, so on Windows this library simply returns a default http.Transport, which should be sufficient. [1]

Footnotes

  1. https://github.com/golang/go/issues/31773#issuecomment-582176197
