From c189337b6eca28486c8d47333fb231ad65f7088b Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Thu, 20 Oct 2016 15:43:31 +0100 Subject: [PATCH] rpc: Support SNI in TLS certificates (#3009) --- cmd/net-rpc-client.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cmd/net-rpc-client.go b/cmd/net-rpc-client.go index 57e64e861..b007caaaa 100644 --- a/cmd/net-rpc-client.go +++ b/cmd/net-rpc-client.go @@ -78,7 +78,12 @@ func (rpcClient *RPCClient) dialRPCClient() (*rpc.Client, error) { var conn net.Conn if rpcClient.secureConn { - conn, err = tls.Dial("tcp", rpcClient.node, &tls.Config{}) + hostname, _, splitErr := net.SplitHostPort(rpcClient.node) + if splitErr != nil { + return nil, errors.New("Unable to parse RPC address <" + rpcClient.node + "> : " + splitErr.Error()) + } + // ServerName in tls.Config needs to be specified to support SNI certificates + conn, err = tls.Dial("tcp", rpcClient.node, &tls.Config{ServerName: hostname}) } else { // Have a dial timeout with 3 secs. conn, err = net.DialTimeout("tcp", rpcClient.node, 3*time.Second)