transport: warn on user-provided CA

ServerName is ignored for a user-provided CA for backwards compatibility. This
breaks PKI, so warn it is deprecated.

pkg/transport/listener.go

@@ -23,6 +23,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"log"
 	"math/big"
 	"net"
 	"os"
@@ -235,6 +236,7 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
 			return nil, err
 		}
 		// if given a CA, trust any host with a cert signed by the CA
+		log.Println("warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated")
 		cfg.ServerName = ""
 	}