include ServerName in TLS configuration

This is required for Go to establish a TLS connection unless InsecureSkipVerify is set.
janimo · Jan 22, 2016 · 50366b1 · 50366b1
1 parent 505e129
commit 50366b1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/transport.go b/transport.go
@@ -8,6 +8,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/url"
 
@@ -58,10 +59,15 @@ func getProxy(req *http.Request) (*url.URL, error) {
 }
 
 func newHTTPTransporter(baseURL, user, pass string) *httpTransporter {
+	u, _ := url.Parse(baseURL)
+	host, _, _ := net.SplitHostPort(u.Host)
 	client := &http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{RootCAs: rootCA},
-			Proxy:           getProxy,
+			TLSClientConfig: &tls.Config{
+				RootCAs:    rootCA,
+				ServerName: host,
+			},
+			Proxy: getProxy,
 		},
 	}
 

diff --git a/websocket.go b/websocket.go
@@ -64,7 +64,15 @@ func newWSConn(originURL, user, pass string) (*wsConn, error) {
 	if err != nil {
 		return nil, err
 	}
-	wsConfig.TlsConfig = &tls.Config{RootCAs: rootCA}
+	host, _, err := net.SplitHostPort(wsConfig.Location.Host)
+	if err != nil {
+		return nil, err
+	}
+
+	wsConfig.TlsConfig = &tls.Config{
+		RootCAs:    rootCA,
+		ServerName: host,
+	}
 
 	var wsc *websocket.Conn