From eba3081baaea6045bd53fec8de572260ef60803d Mon Sep 17 00:00:00 2001
From: Chris Hodges
Date: Wed, 1 Feb 2023 13:24:24 +0000
Subject: [PATCH] comment cleanup, need to check other cert fields

Signed-off-by: Chris Hodges
---
 web/tls_config.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/tls_config.go b/web/tls_config.go
index 2e20f47c..412ccfb9 100644
--- a/web/tls_config.go
+++ b/web/tls_config.go
@@ -68,7 +68,7 @@ func (t *TLSConfig) SetDirectory(dir string) {
 t.ClientCAs = config_util.JoinDir(dir, t.ClientCAs)
 }
 
-// VerifyPeerCertificate will check the DNS SAN entries of the client cert if there is configuration for it
+// VerifyPeerCertificate will check the SAN entries of the client cert if there is configuration for it
 func (t *TLSConfig) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 // sender cert comes first, see https://www.rfc-editor.org/rfc/rfc5246#section-7.4.2
 cert, err := x509.ParseCertificate(rawCerts[0])
@@ -82,7 +82,9 @@ func (t *TLSConfig) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]
 }
 }
 
- return fmt.Errorf("could not find configured SAN DNS in client cert: %s", t.ClientAllowedSanRegex)
+ //todo: check other fields of the cert
+
+ return fmt.Errorf("could not find configured SAN in client cert: %s", t.ClientAllowedSanRegex)
 }
 
 type HTTPConfig struct {
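Review bot: The rewritten doc comment now says "SAN entries" in general, yet the only configuration the function consults is `t.ClientAllowedSanRegex`, and the wording of the removed error text suggests the matching loop (outside this hunk) still covers DNS names only, so the comment overstates what is enforced until the other SAN types are actually matched; the same overstatement is introduced in the error message of the second hunk. Suggest keeping the comment precise for now: `// VerifyPeerCertificate checks the DNS SAN entries of the client certificate against ClientAllowedSanRegex when one is configured; other SAN types are not yet matched.` The context line `cert, err := x509.ParseCertificate(rawCerts[0])` indexes without a length check; when the TLS ClientAuth mode is weaker than RequireAndVerifyClientCert this callback can run with an empty rawCerts (the tls setup is not visible here, so confirm), in which case `if len(rawCerts) == 0 { return fmt.Errorf("no client certificate presented") }` would turn a panic into a handshake failure. The body of VerifyPeerCertificate continues outside this hunk.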
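Review bot: The added `//todo:` line does not follow the `// TODO(owner): ...` form that gofmt-style tooling and editors key on, and the blank line after it detaches it from the return it annotates; suggest `// TODO: match the other SAN types (IPAddresses, EmailAddresses, URIs) as well, not only DNSNames` placed directly above the return. The error string interpolates `t.ClientAllowedSanRegex` with `%s`; `%q` would make an empty or whitespace-only pattern visible in the operator log. If the matching loop above this hunk applies the regex with an unanchored `MatchString`, a configured pattern can also match a longer name that merely contains it, so either the doc comment should state that the pattern must be anchored or the code should anchor it itself; I cannot confirm this from the hunk. The enclosing function starts outside this hunk.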