enable SNI on oidc-provider

aws · Mar 4, 2021 · bf7c004 · bf7c004
1 parent 9331657
commit bf7c004
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts b/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts
@@ -28,7 +28,7 @@ async function downloadThumbprint(issuerUrl: string) {
  if (!purl.host) {
  return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`));
  }
- const socket = tls.connect(port, purl.host, { rejectUnauthorized: false });
+ const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host });
  socket.once('error', ko);
  socket.once('secureConnect', () => {
  const cert = socket.getPeerCertificate();