feat(tls): allow custom TLS configuration for provider veriication

* Adds new `CustomTLSConfig` to Verifier interface
* Fixes issue
* Adds integration tests

README.md

@@ -382,7 +382,7 @@ _Important Note_: You should only use this feature for things that can not be pe
 
 For each _interaction_ in a pact file, the order of execution is as follows:
 
-`BeforeEach` -> `StateHandler` -> `RequestFilter (pre)`, `Execute Provider Test` -> `RequestFilter (post)` -> `AfterEach`
+`BeforeEach` -> `StateHandler` -> `RequestFilter (pre)` -> `Execute Provider Test` -> `RequestFilter (post)` -> `AfterEach`
 
 If any of the middleware or hooks fail, the tests will also fail.
 
@@ -807,6 +807,27 @@ cd examples/message/provider
 PACT_DESCRIPTION="a user" PACT_PROVIDER_STATE="user with id 127 exists" go test -v .
 ```
 
+### Verifying APIs with a self-signed certificate
+
+Supply your own TLS configuration to customise the behaviour of the runtime:
+
+```go
+	_, err := pact.VerifyProvider(t, types.VerifyRequest{
+		ProviderBaseURL: "https://localhost:8080",
+		PactURLs:        []string{filepath.ToSlash(fmt.Sprintf("%s/consumer-selfsignedtls.json", pactDir))},
+		CustomTLSConfig: &tls.Config{
+			RootCAs: getCaCertPool(), // Specify a custom CA pool
+			// InsecureSkipVerify: true, // Disable SSL verification altogether
+		},
+	})
+```
+
+See [self-signed certificate](https://github.com/pact-foundation/pact-go/examles/customTls/self_signed_certificate_test.go) for an example.
+
+### Testing AWS API Gateway APIs
+
+AWS changed their certificate authority last year, and not all OSs have the latest CA chains. If you can't update to the latest certificate bunidles, see "Verifying APIs with a self-signed certificate" for how to work around this.
+
 ## Contact
 
 Join us in slack: [![slack](http://slack.pact.io/badge.svg)](http://slack.pact.io)

dsl/pact.go

@@ -340,6 +340,7 @@ func (p *Pact) VerifyProviderRaw(request types.VerifyRequest) (types.ProviderVer
 		TargetPath:                u.Path,
 		Middleware:                m,
 		InternalRequestPathPrefix: providerStatesSetupPath,
+		CustomTLSConfig:           request.CustomTLSConfig,
 	}
 
 	// Starts the message wrapper API with hooks back to the state handlers
@@ -459,7 +460,7 @@ func AfterEachMiddleware(AfterEach types.Hook) proxy.Middleware {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			next.ServeHTTP(w, r)
 
-			if r.URL.Path != "/__setup" {
+			if r.URL.Path != providerStatesSetupPath {
 				log.Println("[DEBUG] executing after hook")
 				err := AfterEach()
 

examples/customTls/certs/ca.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIRANd+eeBjb4D4mNW86NmUFk8wDQYJKoZIhvcNAQELBQAw
+KjESMBAGA1UEChMJbG9jYWxob3N0MRQwEgYDVQQDEwtQa2kgQ0EgUm9vdDAeFw0x
+NzAyMjgyMjIzMDBaFw0yMDAyMTMyMjIzMDBaMCoxEjAQBgNVBAoTCWxvY2FsaG9z
+dDEUMBIGA1UEAxMLUGtpIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDS4qFc21Bh5fw4UftWS/MLxKkyJklX+045brxmYL05zGA/isF1QWSq
+pZaXaXhFr68/LcXAHOAiNzJSHe9ezscnn7lLN0J+6v5wvW6UKoQhMdCZpWHsGFe5
+e4od6hWJm6rjh3qGx4ENgqXOZNukRMYbig7MKGE5htxcnvdImrPXAiRtuJ6Aa6bl
+dBhkpOhQwHEey90NtcliRM6H1jYcCbhtlRStCVXsWiMjfpq9YIq+Wf/ece27Rvgy
+DX3UVNkRTuS0ZeX+D3n4lyOMTzgT6Cn0OUU23D5TRCCkDCDxkXgmnT6Cri9x2WnX
+AT7c2apUAx6ms9+AACE32ijqSg0Zx0+zAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIC
+pDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCZ/d2+NWcU2bNy
+/W4XrwOHuBGVWW6vB2HGDN8l+Ut3K6Gbc5sXrkmmoap2y9zZKZl9mybchqQUJ9Qo
+U8zrhRJ5L74NRay9Jm+csRXbMBdSZtfJ8RRzZK7cr+fZ3DTd7tReSmV00nj7ciGj
+O2s73/GZHab7FzbTSbEf/5ei0UMAlN4L89DxzJxfnvIg6wu7dXg/QPhU3Ws4Y4bj
+5Dpl7pS2ZnVTh+cz39PgD+WkjubSx/CfOoo0bvwXKvg7vuE3HB65aP8tEZePSj4t
+MKWLAxwTNSqq7FVDrYkpgsnG00BTefaViTRyEuMaBWc4IpJ+r+W2ODEtFTWVyiyJ
+zXOYmm2Y
+-----END CERTIFICATE-----

examples/customTls/certs/cert-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAuV2YLWXBXUyRp0FEIBr/Jp2EeOcm9XfQPZzZ6M21eH3Cky29
++OD0ynINBdFHi7QB5fFdnTtg4jpH+q9CvvpGVcrW6tpjKic+RaN6abnSkz+RrXII
+X4RtfV/W9wMz6V/h8nhzGWQID0iQkhooaIvTie2nQ+gwQm8wmCL1+KT2IRoELCvC
+3VwrjDGde+dSOp+g9oWo4CkCce+wnSQQkI1Htctaq9EayAnrpPFupSTw0+AEOBJK
+fGXg2yBN3EqUXBmF/jNcNsMqjV4LCheH6QYWSUxt24HoL9ycPdRnPeUKmzPi9dE9
+dNfXvPtoltE8e/D8zTNNGWcRgGR0lzfxuWeW/wIDAQABAoIBAEx13+Sx+W3bvKTq
+FgjMOf0asl8QshBEyL/xaC1QVQ+LiGwfTSJQ4Ih1PQvuRH3K1ZGc2wmVSaRnd/Ne
+wcB3CfYvgjFDve3QXC5rfX4I6WRVr2iFBhEoVeWGV+xyBMK6C0ByEMAjc/Oh8ghi
+A9MEAlD9l6Y6K1Xr+XZ3zVAv81q5ZMEQsTERUkLA9lwDUpkQVipoLoKEVUeDiRvB
+jH+t9/I+axyARyuEx0Vx4Dza4AOhyNdW9J9szlAo2dhV21vW12MLvKH9jx1U2iAw
+vOBPe87xX40EIbiUkDrFKogdibFylQp/EWdsWFPM794b3D8/czfh2QYInghfoTzO
+bk5+rrECgYEA8u5UBYHYhHV9cQNAZVmpDE1JwUBg34q5M11TuSs7dyy2iqiHI7MS
+ysGsaOlf2bycKXQw10Ut+SVR0qnxjf2E/+cuCwnMySCaCPzat9UcGTMk3PqW7B4r
+foYmUmgH9n9zc845/L/LNEtHkeLEAGOJL+jvwx4dKxf0C84TZmHUKscCgYEAw1Z4
+QI5L6OKIL1dGDUWLMJXkplxDSPH7XNwDg6zGa81T1NfgDCA+lyLqXEp9YqMSOk5N
+4X+mTspazmgv3x6b6urGtIIRENZFLFgKqNfwDFkWDShwChF/8M7bzJsS4P/cNtr1
+lV0RHFERErRIE88v4ErXWwzDmOC/fJojJEW3OgkCgYEAzEuVKVR7C1nq9kFvxEvU
+mF3e6sADN7rn6MRRhmVPCvf1Q0Ja87DC2vRo04l/bBLrmQj3kfHBqcayuuDkHS7Y
+zIRT+kBxkarzHx/Vp8d2a9LQ621pwoPUvACA9cg6+hdQtlD1/xIkB4RPWeZEQrdy
+RXI1P/dxPC5WtB7HvdADpz0CgYEApzvkgABTZPJsfXtOchZT8CikNPlQcacZ+Io0
+SAsnZSvI1bRsEHWaoHI4CwOLDWNnO5vGeYR7sYD09TmlonPmMN0HeYrRaYTIfAp0
+NdGJpkiu5Fz2buhEjLnM3AL3ysHCmwQitNmUyJVu9IB8JNmAt5nbfgwTeVMRHXAp
+HejB0WECgYEA5hLQLsyqJY+BzzrvsC9RJ5y/U+P1KMFWnTyo/O8q2tihqSc9tlmk
+Jun18bc6z9qzwiSrYqOpAsE6IJlG+Cf39tXytVCxpuBXIe529VZekl2tEYaqdiQ1
+0fbh7R+eGKRjtl+bXucciv+jok13oNWCTuTcpzbxWbNxenpMVYPwB5s=
+-----END RSA PRIVATE KEY-----

examples/customTls/certs/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIRAP5kAANG+3/2fVhI4QOB3qQwDQYJKoZIhvcNAQELBQAw
+KjESMBAGA1UEChMJbG9jYWxob3N0MRQwEgYDVQQDEwtQa2kgQ0EgUm9vdDAeFw0x
+NzAyMjgyMjIzMDBaFw0yMDAyMTMyMjIzMDBaMBExDzANBgNVBAoTBmNsaWVudDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALldmC1lwV1MkadBRCAa/yad
+hHjnJvV30D2c2ejNtXh9wpMtvfjg9MpyDQXRR4u0AeXxXZ07YOI6R/qvQr76RlXK
+1uraYyonPkWjemm50pM/ka1yCF+EbX1f1vcDM+lf4fJ4cxlkCA9IkJIaKGiL04nt
+p0PoMEJvMJgi9fik9iEaBCwrwt1cK4wxnXvnUjqfoPaFqOApAnHvsJ0kEJCNR7XL
+WqvRGsgJ66TxbqUk8NPgBDgSSnxl4NsgTdxKlFwZhf4zXDbDKo1eCwoXh+kGFklM
+bduB6C/cnD3UZz3lCpsz4vXRPXTX17z7aJbRPHvw/M0zTRlnEYBkdJc38blnlv8C
+AwEAAaNVMFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
+BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkq
+hkiG9w0BAQsFAAOCAQEASZe43Hi5HDj4odD7fjPHZcNOFUjc4GV5xR0P5sKS1yVO
+3D5Gf9v4OVA7O3ejCLQP2lSq++EMUChAVpCJsfzXDwqe8YoHLnSS+EID+JpHEZ8P
+PXXc59S/2HN7kEP447MRJCpFbOHy/axFkzZAlpQr7ffUhPQy3gnDWHDQ6uie6Od5
+bRX2B6Whgy9ey7PR3CMT8+SowCjhsKqE3y0vto+55XxMec35uKXI/djOZzje94fE
+n7plsWLOgYu0aeOkVKLe6s/Q0/mjO7zicDHwMq0QvFIcMU/MgrZkvcq+2sg/6Rp0
+iKnKss7cdrxnA7fOsGK8mWP0U6GizCvVigI1zN5dZg==
+-----END CERTIFICATE-----

examples/customTls/certs/server-cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgWgAwIBAgIQQcVnWwEK0r3ZCbXx+LQRtTANBgkqhkiG9w0BAQsFADAq
+MRIwEAYDVQQKEwlsb2NhbGhvc3QxFDASBgNVBAMTC1BraSBDQSBSb290MB4XDTE3
+MDIyODIyMjMwMFoXDTIwMDIxMzIyMjMwMFowFDESMBAGA1UEChMJbG9jYWxob3N0
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOk54aC6EXZpNcxlO8L/
+ZIc/u4HNrB2VovT9osAs+ZPZOxd6w/l3e5mblxbh3j1Otjh5Y9e1wm9c0DytRhx9
+NUvzJ5weECGmk0FgU9Oe/OHnn5WayUK0Z8S56ln9bZbXDlnusRCyMGXhFuQqoabP
+rpfqNvIP5XQeKxJMnLp2xYZV18O6nmjGYSSLMjNLr6MqA/KRRyP68yLhx4pXH1mL
+bA5pjoxiJoI7tGLUTkMWco4O7bW0czR9AK72ZALSDgWDIKLQlRlQJ05wk+wnDykk
+4pt6gABodkeyJvp6D5ayuAZBH0xOGxOW2Y4RPowb0tNIw4Sd7HthodLLjUiM7QwJ
+AQIDAQABo1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
+CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0G
+CSqGSIb3DQEBCwUAA4IBAQB3DOgS/faqoMLqHCwTJsocD4etXU1Es7zTsI8QSYLp
+JCj4ykJ58NASmfwtn+MDBc0wiKqP8Cyudh5j2uQGQ/pL/h99EGy4TY7rN/riop0m
+x07yvV+mi65nwT/YEyX3Jymx4+78AvdHIWT9uj5nED6+pBufqHQHVm6btPF/hsA1
+4YTbWSGnrkcplBw3sWP5HoVVtfJ7TzhqVrSSQB+lRRXPHzRCq5f3BM5fZ7bMt3LI
+9j8cXrSXSu53LZ/llTLGU5DbReAJPDQpSdwy56wMD/cXQXxt6blwZdLEneYQ8eqO
+kD7eZDlUKz1Dhj7qoFnAhDU1ypxBF4A04E/qpPQHrkq1
+-----END CERTIFICATE-----

examples/customTls/certs/server-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwOk54aC6EXZpNcxlO8L/ZIc/u4HNrB2VovT9osAs+ZPZOxd6
+w/l3e5mblxbh3j1Otjh5Y9e1wm9c0DytRhx9NUvzJ5weECGmk0FgU9Oe/OHnn5Wa
+yUK0Z8S56ln9bZbXDlnusRCyMGXhFuQqoabPrpfqNvIP5XQeKxJMnLp2xYZV18O6
+nmjGYSSLMjNLr6MqA/KRRyP68yLhx4pXH1mLbA5pjoxiJoI7tGLUTkMWco4O7bW0
+czR9AK72ZALSDgWDIKLQlRlQJ05wk+wnDykk4pt6gABodkeyJvp6D5ayuAZBH0xO
+GxOW2Y4RPowb0tNIw4Sd7HthodLLjUiM7QwJAQIDAQABAoIBAG9edc7/ZkwsiyLG
+5G6y7ZRQzIdosZ862SdhvofV4GEZbODDdllrTQJrNLruN+mAhU+HnPT6FHGyrud9
+EB+Y1OQO+8qTQ3vWoX8D0CO02WVu2bR0vw6P1uzNUvOrjjZVTcR4QOeyFt0ABAme
+Icp/LgjCpTGhX3H9Lml5QAd/UpBHMuGYpZ7NZTRED4spWKYoQeqhCNzU7lYfW9W4
+xPdRbgBJ75daUPFCrCAU/hny+Iosl8Qc+dl9F+idtI4bvWw+ozKzgwhgicrYtYiQ
+yuyR8DFD/hQ8Kl5Gzxmdkz97MZu2MffXiJaa7MelrAKV9L8plVmzPX3nNkphHjM5
+aCDDlUECgYEA82wrxpWwBLzgxSQGpN1wV3p29W8+tjp5XsTGQvHdFEPPLqAvl4oX
+fZdLNSyiTI1lMbQ1zy6K9jQABIn4KEWKj6xNXXnj3tQsjJLbJBuC+2UaKJa2CG01
+jESTTLmjgBIGZneRxgYdFF5xyINnnaydhH0ijVXNIfrP2r4W4mqGRGkCgYEAyuDs
+TKzgfNTbotJ4U4u44Y1TjmEknNggjNktOKPn6uwi5OITXMcdSzmQUPRvnX6Fm/Iy
+6qF0XlG3eBFYxNWnWRLzE8xMFovnhBBlgTowF9X3KjgWmkoj9EIPLuzofjpPQEpU
+wgbhAsO8beqbmmQCraIb1j4UOJdaCBN5gCpqLNkCgYEA0couSC4Fz2+BQCZ2W2xF
+P/9ZutkvcRogNB7eyB9u6+ItEwAXREFNUX4s4R0gm11ZE2c+4No6BUp3oXHPH9Yf
+Pwe+fYtpakfuRRDkMNBNKKDP1J9fLxAAEG2hjYSIdv4R6gmu5r2qHj3vTmKB0JBO
+CTtXpfuGmXxx2xHs4yHvqdECgYAS8f4fCuXLwnTgN5dU9e9F4NS0rw2kN+qSPJWk
+fGnj3jlD9nioaU+q/q0jYjAqHO6NKYjnsDwVsrvXUodfmjQOdV6Nsr5IPLhZ9M4F
+y1FCaJC0OJijv9irrp+MWkM7xmYwMsDHfaz1fSHTgd0WBdDaNhEzaIiq4DdgGbF2
+7n8LwQKBgEvx0KL7fxljpu/UC7m21p7o6S2ZVNr8aTiaTqiNeYrfiCCt1sbYB/to
+dHs1sgnUfRT7BfVpDgGTR0m/1IHp7jjvtQRkpCR/EyJxe8nYs/VERV4XhZb08tzo
+3AlVnxWkYZ2WhzRSRbRXwuF+7xVSh/XDycXX5I48Xztz/8ZNq/W3
+-----END RSA PRIVATE KEY-----