Closed
Description
Hello

I've been struggling with an annoying problem with HTTPS communication between 2 golang powered hosts (both go1.1 powered).

The server component uses a certificate signed by a CA that I've generated with openssl.

The client component connects to the server via https using the public key of CA as the rootCA for the connection.

Everything works fine if the client connects to the server using a DNS name. Instead if the client connects specifying an IP address in the URL and using the ServerName field of the tls.Config struct:

```go
tr := &http.Transport{
	TLSClientConfig: &tls.Config{RootCAs: certPool, ServerName: "host-name"},
}
```

the hostname validation fails.

It seemed to me like the ServerName field was somewhere ignored and I think I was correct. I've identified the problem at the following lines (starting from 501) of net/http/transport.go:

```go
if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify {
	if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil {
		return nil, err
	}
}
```

The correct code should be instead:

```go
if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify {
	if err = conn.(*tls.Conn).VerifyHostname(cfg.ServerName); err != nil {
		return nil, err
	}
}
```

I've recompiled GO and tested the new code successfully.

I'm not sure what's the best way to contribute new code as I'm not a Mercurial expert...

Apologies if I'm entering this in the wrong place.

**Which compiler are you using (5g, 6g, 8g, gccgo)?**

Not sure, default linux compiler

**Which operating system are you using?**

Lubuntu 12.04

**Which version are you using? (run 'go version')**

Go1.1

Stefano
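A self-contained check of the behaviour the report asks for, added here as an example and not taken from the issue or from the Go source tree: on a current Go toolchain, a client that dials an IP URL has the certificate verified against `ServerName` when it is set, and against the IP when it is not. The helper names `mustServer` and `getByIP` are hypothetical, and a constructed self-signed certificate stands in for the reporter's openssl-generated CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// mustServer serves HTTPS on 127.0.0.1 with a constructed self-signed cert valid only for dnsName (no IP SANs).
func mustServer(dnsName string) (*httptest.Server, *x509.CertPool) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{dnsName}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // the test certificate is its own trust anchor
	return srv, pool
}

// getByIP requests the IP-based url, verifying the certificate against serverName; any HTTP response means TLS succeeded.
func getByIP(url string, pool *x509.CertPool, serverName string) error {
	tr := &http.Transport{DisableKeepAlives: true, TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: serverName}}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	srv, pool := mustServer("host-name")
	defer srv.Close()
	fmt.Printf("ServerName set: %v\nServerName empty: %v\n", getByIP(srv.URL, pool, "host-name"), getByIP(srv.URL, pool, ""))
}
```

A `ServerName` that does not match the certificate still fails verification, so the override relaxes nothing: it only selects which name is checked.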