Skip to content

Test TLS validates

Summary

#84 (closed) suggests that the no-op code is opt-in. We should test our code that TLS actually validates the certificates by

  1. create a minimal http2 server (doesn't even have to implement the GRPC-API, just TLS) and a self-signed certificate (simulating a MitM attack). Maybe also wrong subject/dns name? Maybe also expired?
  2. have the library request the server and fail during TLS handshake due to untrusted cert.

Maybe the test could be one of the package tests which run during packaging?