[GODRIVER-1636] TLS hostname should always be set
Created: 01/Jun/20 | Updated: 28/Oct/23 | Resolved: 10/Jun/20
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Connections |
| Affects Version/s: | None |
| Fix Version/s: | 1.3.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Divjot Arora (Inactive) | Assignee: | Divjot Arora (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |
|
The connection.configureTLS method only sets hostname if tls.Config.InsecureSkipVerify is false (i.e. tlsInsecure=false). The hostname should always be set because it can be used server-side for SNI. In the case that InsecureSkipVerify=true, Go's TLS library will skip hostname verification anyway (https://github.com/golang/go/blob/master/src/crypto/tls/handshake_client.go#L830), so setting it makes no difference for client-side checks. |
| Comments |
| Comment by Githook User [ 10/Jun/20 ] |
|
Author: {'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'} Message: |
| Comment by Githook User [ 10/Jun/20 ] |
|
Author: {'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'} Message: |
| Comment by Divjot Arora (Inactive) [ 09/Jun/20 ] |
| Comment by May Hoque [ 02/Jun/20 ] |
|
Yes, and this should affect really any user of the driver that needs SNI to provide the hostname. Supposedly this also includes sqlproxy. The change to get this working was to simply remove the if statement starting at L523 here and execute the code in all cases. |
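
The behaviour described in this ticket, as an added Go example that is not the driver's own code: with InsecureSkipVerify=true, a client that sets ServerName only when verification is on sends no SNI, while one that always sets it does. `withServerName` and `observedSNI` are hypothetical helpers, and `db.example.test:27017` is a constructed address.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// withServerName is a hypothetical stand-in for the logic in the ticket.
// always=false reproduces the old behaviour (hostname set only when
// certificate verification is enabled); always=true is the fixed behaviour.
func withServerName(cfg *tls.Config, addr string, always bool) *tls.Config {
	out := cfg.Clone() // never mutate the caller's config
	if out.ServerName == "" && (always || !out.InsecureSkipVerify) {
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			host = addr // address carried no port
		}
		out.ServerName = host
	}
	return out
}

// observedSNI runs a client handshake over an in-memory pipe and returns the
// server_name the server side read from the ClientHello ("" if none was sent).
func observedSNI(clientCfg *tls.Config) string {
	cliConn, srvConn := net.Pipe()
	seen := make(chan string, 1)
	srvCfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		seen <- h.ServerName
		return nil, errors.New("stop after ClientHello") // no certificate needed
	}}
	go func() {
		tls.Server(srvConn, srvCfg).Handshake()
		srvConn.Close()
		close(seen) // unblocks the caller even if no ClientHello arrived
	}()
	tls.Client(cliConn, clientCfg).Handshake() // fails by design; only SNI matters
	cliConn.Close()
	return <-seen
}

func main() {
	base := &tls.Config{InsecureSkipVerify: true} // i.e. tlsInsecure=true
	addr := "db.example.test:27017"               // constructed address
	fmt.Printf("old: %q\n", observedSNI(withServerName(base, addr, false)))
	fmt.Printf("new: %q\n", observedSNI(withServerName(base, addr, true)))
}
```

Go's crypto/tls omits the SNI extension when ServerName is an IP literal, so the difference is only visible for addresses given as hostnames.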