Merge pull request #22 from hugmouse/fix-self-signed-error

#25

gemax/client_tls.go

@@ -8,12 +8,17 @@ import (
 // ErrInvalidServerName means that the server certificate doesn't match the server domain.
 var ErrInvalidServerName = errors.New("server domain and server TLS domain name don't match")
 
-func tlsVerifyDomain(cs *tls.ConnectionState, domain string) error {
+func tlsVerifyDomain(cs *tls.ConnectionState, domain string) (err error) {
 	for _, cert := range cs.PeerCertificates {
-		for _, name := range cert.DNSNames {
-			if name == domain {
-				return nil
-			}
+		// Workaround for "x509: certificate relies on legacy Common Name field, use SANs"
+		//
+		// Usually self-signed certs
+		if cert.Subject.CommonName == domain {
+			return nil
+		}
+		err = cert.VerifyHostname(domain)
+		if err == nil {
+			return nil
 		}
 	}
 	return ErrInvalidServerName