fix: do not make TLS strict based on serverName (#13372)

The LDAP TLS dialer shouldn't be strict with ServerName; there
may be many certs talking to a common DNS endpoint, so it is
better to allow the Dialer to choose the appropriate public cert.
Harshavardhana
2021-10-06 14:19:32 -07:00
committed by GitHub
parent 421160631a
commit cb2c2905c5


@@ -319,9 +319,8 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
return nil, errors.New("LDAP is not configured")
}
serverHost, _, err := net.SplitHostPort(l.ServerAddr)
_, _, err = net.SplitHostPort(l.ServerAddr)
if err != nil {
serverHost = l.ServerAddr
// User default LDAP port if none specified "636"
l.ServerAddr = net.JoinHostPort(l.ServerAddr, "636")
}
@@ -333,7 +332,6 @@ func (l *Config) Connect() (ldapConn *ldap.Conn, err error) {
tlsConfig := &tls.Config{
InsecureSkipVerify: l.tlsSkipVerify,
RootCAs: l.rootCAs,
ServerName: serverHost,
}
if l.serverStartTLS {
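Review bot: With `ServerName` dropped from `tlsConfig`, hostname verification now depends on whichever code path consumes the config, and the StartTLS branch that opens on the hunk's last line is the one to check. `tls.Dial`-style helpers fill an empty `ServerName` from the dial address, but an upgrade that wraps an existing connection with `tls.Client` does not, and crypto/tls then refuses the handshake unless `InsecureSkipVerify` is set, which would push operators toward enabling `tlsSkipVerify`. The branch body is outside the hunk, so this is inferred rather than observed. If it holds, set the name on that path only, e.g. `tlsConfig.ServerName = host` with `host` taken from `net.SplitHostPort(l.ServerAddr)`, and document the literal with `// ServerName left empty: the TLS dialer derives it from l.ServerAddr`. Connect's body starts before the first hunk and continues past the second.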