//go:build go1.15
// +build go1.15
package msdsn
import (
"crypto/tls"
"crypto/x509"
"fmt"
)
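// setupTLSCommonName replaces crypto/tls's built-in certificate verification
// on config with a VerifyConnection callback that matches the peer
// certificate's Subject Common Name against the TLS server name and then
// verifies the certificate chain.
//
// Fix for https://github.com/wang-xuemin/go-mssqldb/issues/704: a certificate
// Common Name (CN) containing the non-standard ":" character makes normal
// verification fail. VerifyConnection only runs after normal verification, so
// normal verification has to be switched off (InsecureSkipVerify = true) for
// the callback to be reached. Per the original author's note, this is meant
// to be used only when SetupTLS() was called with insecureSkipVerify=false,
// i.e. when the user asked for the certificate to be verified.
//
// pem holds PEM-encoded certificates that are offered to the chain builder as
// intermediates. The function mutates config in place and always returns nil.
//
// NOTE(review): with InsecureSkipVerify set, the callback below is the only
// certificate check on the connection. It trusts the default root set
// (Roots is nil) and does not read config.RootCAs; pem is never used as a
// trust anchor. If callers pass pem expecting it to pin a private CA, the
// effective trust is wider than intended. Confirm against the caller.
func setupTLSCommonName(config *tls.Config, pem []byte) error {
	config.InsecureSkipVerify = true
	config.VerifyConnection = func(cs tls.ConnectionState) error {
		// Guard the index below: without a peer certificate there is nothing
		// to verify, so fail closed instead of panicking.
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("no peer certificate presented for %q", cs.ServerName)
		}
		leaf := cs.PeerCertificates[0]

		// Exact, case-sensitive comparison of the CN only; subject
		// alternative names are not consulted.
		commonName := leaf.Subject.CommonName
		if commonName != cs.ServerName {
			return fmt.Errorf("invalid certificate name %q, expected %q", commonName, cs.ServerName)
		}

		// DNSName is left unset, so x509 performs no host name check of its
		// own; the CN comparison above is the only name check.
		opts := x509.VerifyOptions{
			Roots:         nil,
			Intermediates: x509.NewCertPool(),
		}
		// AppendCertsFromPEM reports whether any certificate was parsed; that
		// result is not checked, so an unparsable pem leaves the pool empty.
		// Certificates the peer sent after the leaf are not added either.
		opts.Intermediates.AppendCertsFromPEM(pem)

		_, err := leaf.Verify(opts)
		return err
	}
	return nil
}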