From da8fd18d8e212c1d25387c5c458857a300d74e5a Mon Sep 17 00:00:00 2001
From: Anthony Romano <anthony.romano@coreos.com>
Date: Thu, 12 Jan 2017 09:10:05 -0800
Subject: [PATCH] transport: warn on user-provided CA

ServerName is ignored for a user-provided CA for backwards compatibility. This
breaks PKI, so warn it is deprecated.
---
 pkg/transport/listener.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/transport/listener.go b/pkg/transport/listener.go
index 3ae1b21d4..144ea02d0 100644
--- a/pkg/transport/listener.go
+++ b/pkg/transport/listener.go
@@ -23,6 +23,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"log"
 	"math/big"
 	"net"
 	"os"
@@ -235,6 +236,7 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
 			return nil, err
 		}
 		// if given a CA, trust any host with a cert signed by the CA
+		log.Println("warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated")
 		cfg.ServerName = ""
 	}