mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
fix: do not make TLS strict based on serverName (#13372)
LDAP TLS dialer shouldn't be strict with ServerName, there maybe many certs talking to common DNS endpoint it is better to allow Dialer to choose appropriate public cert.
This commit is contained in:
parent
421160631a
commit
cb2c2905c5
@ -319,9 +319,8 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
|
||||
return nil, errors.New("LDAP is not configured")
|
||||
}
|
||||
|
||||
serverHost, _, err := net.SplitHostPort(l.ServerAddr)
|
||||
_, _, err = net.SplitHostPort(l.ServerAddr)
|
||||
if err != nil {
|
||||
serverHost = l.ServerAddr
|
||||
// User default LDAP port if none specified "636"
|
||||
l.ServerAddr = net.JoinHostPort(l.ServerAddr, "636")
|
||||
}
|
||||
@ -333,7 +332,6 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
|
||||
tlsConfig := &tls.Config{
|
||||
InsecureSkipVerify: l.tlsSkipVerify,
|
||||
RootCAs: l.rootCAs,
|
||||
ServerName: serverHost,
|
||||
}
|
||||
|
||||
if l.serverStartTLS {
|
||||
|
Loading…
Reference in New Issue
Block a user