Merge pull request #6440 from lclarkmichalek/how-to-ssl-question-mark
Obey the usual rules of SSL server name verification when using a private PKIrelease-3.2
commit
2db9d3b702
|
@ -23,7 +23,6 @@ import (
|
|||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"log"
|
||||
"math/big"
|
||||
"net"
|
||||
"os"
|
||||
|
@ -235,9 +234,6 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// if given a CA, trust any host with a cert signed by the CA
|
||||
log.Println("warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated")
|
||||
cfg.ServerName = ""
|
||||
}
|
||||
|
||||
if info.selfCert {
|
||||
|
|
Loading…
Reference in New Issue