DialTLS: use tls.Dial instead of doing an explicit handshake

[ericchiang]

This was brought up in dexidp/dex#689

Currently DialTLS() uses net.Dial then performs an explicit handshake.[0]

We noticed this because tls.Dial does a few other things like inferring the ServerName[1], but since the LDAP client doesn't use that code path, users have to set it explicitly.

Is there a reason this client needs to do its own handshake?

[0]

ldap/conn.go

Lines 124 to 138 in d0a5ced

	func DialTLS(network, addr string, config *tls.Config) (*Conn, error) {
	dc, err := net.DialTimeout(network, addr, DefaultTimeout)
	if err != nil {
	return nil, NewError(ErrorNetwork, err)
	}
	c := tls.Client(dc, config)
	err = c.Handshake()
	if err != nil {
	// Handshake error, close the established connection before we return an error
	dc.Close()
	return nil, NewError(ErrorNetwork, err)
	}
	conn := NewConn(c, true)
	conn.Start()
	return conn, nil

[1] https://github.com/golang/go/blob/go1.7.3/src/crypto/tls/tls.go#L134-L141

[liggitt]

https://github.com/go-ldap/ldap/pull/65/files switches to use DialWithDialer, but depends on a newer version of go. Will switch to that for v3 when we bump minimum supported go versions

[ericchiang]

cool, thanks.

[stefanmcshane]

Closing as this can be implementing using DialWithDialer DialOpt with DialURL