Yeah, my mistake.
Looks like you might have to provide your own custom net.Listener
by wrapping the standard one.
Gemini suggested this too as a solution, for
example: https://go.dev/play/p/l3a4pXA1I75
If the handshake isn't happening, as apparently it happens lazily on
first read or write of
InsecureSkipVerify doesn't affect the callback VerifyConnection, just
whether the stdlib TLS verification logic is executed.
I don't like it but I don't see another way to disable the initial HTTP 400
being sent for failed TLS verifications.
The example for VerifyConnection on that same godocs
Parenthetically, I'm assuming you are talking about implementing your own
VerifyPeerCertificate or VerifyConnection callback, as set in your tls.Config.
See https://pkg.go.dev/crypto/tls#Config for reference.
On Sunday, August 10, 2025 at 11:06:47 PM UTC+1 Jason E. Aten wrote:
> Umm, I don't thi
Umm, I don't think you want to set InsecureSkipVerify=true. (I think you
need to keep verification on). Otherwise
none of the custom verification callbacks will be called at all, if I'm
recalling correctly.
TLS and HTTP are pretty separate layers; I use TLS a lot without HTTP for
instance. So i