Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8223 from heyitsanthony/ip-san-exit

Browse Source 
transport: accept connection if matched IP SAN but no DNS match
This commit is contained in:
Anthony Romano 2017-07-06 22:46:09 -07:00 committed by GitHub
commit 67fa8b823f
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/transport/listener_tls.go
View File

@ -197,7 +197,11 @@ func checkCertSAN(ctx context.Context, cert *x509.Certificate, remoteAddr string
return herr return herr
} }
if len(cert.IPAddresses) > 0 { if len(cert.IPAddresses) > 0 {
if cerr := cert.VerifyHostname(h); cerr != nil && len(cert.DNSNames) == 0 { cerr := cert.VerifyHostname(h)
if cerr == nil {
return nil
}
if len(cert.DNSNames) == 0 {
return cerr return cerr
} }
} }