Merge pull request #6440 from lclarkmichalek/how-to-ssl-question-mark

Obey the usual rules of SSL server name verification when using a private PKI
2017-01-17 10:28:22 -08:00 · 2017-01-17 10:28:22 -08:00 · 2db9d3b702
parent bad2f03cd0 eba41cd7b3
commit 2db9d3b702
1 changed files with 0 additions and 4 deletions
--- a/pkg/transport/listener.go
+++ b/pkg/transport/listener.go
@ -23,7 +23,6 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"log"
 	"math/big"
 	"net"
 	"os"
@ -235,9 +234,6 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
 		if err != nil {
 			return nil, err
 		}
-		// if given a CA, trust any host with a cert signed by the CA
-		log.Println("warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated")
-		cfg.ServerName = ""
 	}

 	if info.selfCert {