forked from sloum/bombadillo
Minor fix to how we verify hostnames
This commit is contained in:
parent
d190e0ad00
commit
3624fd9510
|
@ -78,7 +78,7 @@ func (t *TofuDigest) Match(host, localCert string, cState *tls.ConnectionState)
|
||||||
return fmt.Errorf("EXP")
|
return fmt.Errorf("EXP")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := cert.VerifyHostname(host); err != nil {
|
if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
|
||||||
return fmt.Errorf("Certificate error: %s", err)
|
return fmt.Errorf("Certificate error: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -107,7 +107,7 @@ func (t *TofuDigest) newCert(host string, cState *tls.ConnectionState) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := cert.VerifyHostname(host); err != nil {
|
if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
|
||||||
reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index+1))
|
reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index+1))
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue