Merge pull request #6440 from lclarkmichalek/how-to-ssl-question-mark
Obey the usual rules of SSL server name verification when using a private PKIrelease-3.2
commit
2db9d3b702
|
@ -23,7 +23,6 @@ import (
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"math/big"
|
"math/big"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
@ -235,9 +234,6 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
// if given a CA, trust any host with a cert signed by the CA
|
|
||||||
log.Println("warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated")
|
|
||||||
cfg.ServerName = ""
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if info.selfCert {
|
if info.selfCert {
|
||||||
|
|
Loading…
Reference in New Issue