Commit baa9ca03 authored by Brad Fitzpatrick

net/http: respect tls.Config.ServerName in Transport

When making an HTTPS client request, respect the
ServerName field in the tls.Config.

Fixes #5829

R=golang-dev, agl, adg
CC=golang-dev
https://golang.org/cl/11691043
parent a293065a
...@@ -666,6 +666,36 @@ func TestClientWithIncorrectTLSServerName(t *testing.T) { ...@@ -666,6 +666,36 @@ func TestClientWithIncorrectTLSServerName(t *testing.T) {
} }
} }
// Test for golang.org/issue/5829; the Transport should respect TLSClientConfig.ServerName
// when not empty.
//
// tls.Config.ServerName (non-empty, set to "example.com") takes
// precedence over "some-other-host.tld" which previously incorrectly
// took precedence. We don't actually connect to (or even resolve)
// "some-other-host.tld", though, because of the Transport.Dial hook.
//
// The httptest.Server has a cert with "example.com" as its name.
func TestTransportUsesTLSConfigServerName(t *testing.T) {
defer afterTest(t)
ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
w.Write([]byte("Hello"))
}))
defer ts.Close()
tr := newTLSTransport(t, ts)
tr.TLSClientConfig.ServerName = "example.com" // one of httptest's Server cert names
tr.Dial = func(netw, addr string) (net.Conn, error) {
return net.Dial(netw, ts.Listener.Addr().String())
}
defer tr.CloseIdleConnections()
c := &Client{Transport: tr}
res, err := c.Get("https://some-other-host.tld/")
if err != nil {
t.Fatal(err)
}
res.Body.Close()
}
// Verify Response.ContentLength is populated. http://golang.org/issue/4126 // Verify Response.ContentLength is populated. http://golang.org/issue/4126
func TestClientHeadContentLength(t *testing.T) { func TestClientHeadContentLength(t *testing.T) {
defer afterTest(t) defer afterTest(t)
......
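Review bot: The new test only exercises the accepting direction, so it would also pass if hostname verification were skipped entirely; nothing in it shows that cfg.ServerName is the name actually checked. A companion case that sets `tr.TLSClientConfig.ServerName = "not-example.com"` (Dial hook unchanged, still reaching the httptest listener) and requires `c.Get` to return an error would pin the rejecting side, much as TestClientWithIncorrectTLSServerName presumably does for the URL-host path. The check at L40 also passes on any response status, so `if res.StatusCode != 200 { t.Fatalf("status %d", res.StatusCode) }` before the Close would make the completed round trip explicit. Since the test does not inspect the SNI sent during the handshake, the comment at L17-18 could state that only certificate verification against ServerName is covered here.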
...@@ -514,8 +514,8 @@ func (t *Transport) dialConn(cm *connectMethod) (*persistConn, error) { ...@@ -514,8 +514,8 @@ func (t *Transport) dialConn(cm *connectMethod) (*persistConn, error) {
if err = conn.(*tls.Conn).Handshake(); err != nil { if err = conn.(*tls.Conn).Handshake(); err != nil {
return nil, err return nil, err
} }
if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify { if !cfg.InsecureSkipVerify {
if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil { if err = conn.(*tls.Conn).VerifyHostname(cfg.ServerName); err != nil {
return nil, err return nil, err
} }
} }
......
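Review bot: The rewritten condition on the new side of L53-54 drops the `t.TLSClientConfig == nil` guard and calls `VerifyHostname(cfg.ServerName)` unconditionally, so the verification step now depends on `cfg` being a non-nil config whose ServerName has already been defaulted from `cm.tlsHost()` when the caller left it empty; that setup is outside this hunk (dialConn begins before L49), and if it were ever missing the check would either dereference nil or verify an empty name. A one-line comment above the `if`, such as `// cfg is never nil here; cfg.ServerName defaults to cm.tlsHost() when unset and drives both SNI and verification`, would record the invariant next to the code that relies on it. It is also worth stating in the Transport.TLSClientConfig documentation that a non-empty ServerName is now an explicit override: the request's URL host is no longer compared against the certificate at all, which is intended for the custom-Dial case in the test but means a misconfigured ServerName silently re-targets what is verified.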