
rtls supports ServerName

master
Philip O'Toole 9 months ago
parent a96bb50d89
commit 54ec6c3d60

@ -14,9 +14,9 @@ import (
// is true, the client will not verify the server's certificate. If mutual is true,
// the server will verify the client's certificate. If tls1011 is true, the client will
// accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2 or higher.
func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (*tls.Config, error) {
func CreateConfig(certFile, keyFile, caCertFile, serverName string, noverify, mutual bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify)
config := createBaseTLSConfig(serverName, noverify)
// load the certificate and key
if certFile != "" && keyFile != "" {
@ -57,10 +57,10 @@ func CreateConfig(certFile, keyFile, caCertFile string, noverify, mutual bool) (
// presented by the server. If noverify is true, the client will not verify the server's certificate.
// If tls1011 is true, the client will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
func CreateClientConfig(certFile, keyFile, caCertFile, serverName string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(noverify)
config := createBaseTLSConfig(serverName, noverify)
if certFile != "" && keyFile != "" {
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
@ -89,10 +89,10 @@ func CreateClientConfig(certFile, keyFile, caCertFile string, noverify bool) (*t
// client. If noverify is true, the server will not verify the client's certificate. If
// tls1011 is true, the server will accept TLS 1.0 or 1.1. Otherwise, it will require TLS 1.2
// or higher.
func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*tls.Config, error) {
func CreateServerConfig(certFile, keyFile, caCertFile, serverName string, noverify bool) (*tls.Config, error) {
var err error
config := createBaseTLSConfig(false)
config := createBaseTLSConfig(serverName, false)
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
@ -115,8 +115,9 @@ func CreateServerConfig(certFile, keyFile, caCertFile string, noverify bool) (*t
return config, nil
}
func createBaseTLSConfig(noverify bool) *tls.Config {
func createBaseTLSConfig(serverName string, noverify bool) *tls.Config {
return &tls.Config{
ServerName: serverName,
InsecureSkipVerify: noverify,
NextProtos: []string{"h2", "http/1.1"},
MinVersion: uint16(tls.VersionTLS12),
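Review bot: The doc comments above CreateConfig, CreateClientConfig and CreateServerConfig are left as they were, so none of them describes the new `serverName` parameter, and all three still mention a `tls1011` flag that appears in none of the signatures shown. I would add a line such as `// serverName, if set, is the hostname checked against the server's certificate and sent as SNI; it is not verified when noverify is true.` and drop the tls1011 sentence. In createBaseTLSConfig, `InsecureSkipVerify: noverify` turns off hostname checking, so a caller passing both a serverName and noverify=true gets no name verification, which the comment should state. crypto/tls consults Config.ServerName on the client side only, so the parameter on CreateServerConfig probably has no effect on inbound handshakes; if so, the comment there should say that. The function bodies continue outside these hunks.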

@ -26,7 +26,7 @@ func Test_CreateConfig(t *testing.T) {
caCertFile := mustWriteTempFile(t, caCertPEM)
// create a config with no server or client verification
config, err := CreateConfig(certFile, keyFile, caCertFile, true, false)
config, err := CreateConfig(certFile, keyFile, caCertFile, "", true, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -69,7 +69,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with server cert verification only
config, err = CreateConfig(certFile, keyFile, caCertFile, false, false)
config, err = CreateConfig(certFile, keyFile, caCertFile, "", false, false)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -81,7 +81,7 @@ func Test_CreateConfig(t *testing.T) {
}
// create a config with both server and client verification
config, err = CreateConfig(certFile, keyFile, "", false, true)
config, err = CreateConfig(certFile, keyFile, "", "", false, true)
if err != nil {
t.Fatalf("failed to create config: %v", err)
}
@ -103,7 +103,7 @@ func Test_CreateServerConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a server config with no client verification
config, err := CreateServerConfig(certFile, keyFile, "", true)
config, err := CreateServerConfig(certFile, keyFile, "", "", true)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -130,7 +130,7 @@ func Test_CreateServerConfig(t *testing.T) {
}
// create a server config with client verification
config, err = CreateServerConfig(certFile, keyFile, "", false)
config, err = CreateServerConfig(certFile, keyFile, "", "", false)
if err != nil {
t.Fatalf("failed to create server config: %v", err)
}
@ -149,7 +149,7 @@ func Test_CreateClientConfig(t *testing.T) {
keyFile := mustWriteTempFile(t, keyPEM)
// create a client config with no server verification
config, err := CreateClientConfig(certFile, keyFile, "", true)
config, err := CreateClientConfig(certFile, keyFile, "", "", true)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
@ -176,7 +176,7 @@ func Test_CreateClientConfig(t *testing.T) {
}
// create a client config with server verification
config, err = CreateClientConfig(certFile, keyFile, "", false)
config, err = CreateClientConfig(certFile, keyFile, "", "", false)
if err != nil {
t.Fatalf("failed to create client config: %v", err)
}
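Review bot: Every call site updated in Test_CreateConfig, Test_CreateServerConfig and Test_CreateClientConfig passes `""` for the new argument, so no test shows that a non-empty serverName reaches the returned config. A case such as `config, err = CreateClientConfig(certFile, keyFile, "", "example.com", false)` followed by `if config.ServerName != "example.com" { t.Fatalf("ServerName = %q", config.ServerName) }` would pin the behaviour (example.com is a constructed value). The test functions start and end outside these hunks.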
