AIA-Transport-Go provides an http.Transport which uses the AIA (Authority Information Access) X.509 extension to resolve incomplete certificate chains during the tls handshake. See rfc3280 for more details.
go get github.com/fcjr/aia-transport-go
tr, err := aia.NewTransport()
if err != nil {
log.Fatal(err)
}
client := http.Client{
Transport: tr,
}
res, err := client.Get("https://incomplete-chain.badssl.com/")
if err != nil {
log.Fatal(err)
}
fmt.Println(res.Status)
- Follow single incomplete AIA chain
- Tests
- CI & Code Coverage
- Documentation
- Chain Caching
- Certificate Caching
- Follow all possible issuing urls
- Benchmarks
This library relies on x509.SystemCertPool() to gather the initial system root certificates to validate against. This function is not implemented on windows, however windows will resolve incomplete certificate chains via AIA automatically so this library simply returns a default http.Transport on windows which should be sufficient.1