
More client-only use for ServerName

master
Philip O'Toole 9 months ago
parent f41fb5de9e
commit 58d6f1a260

@ -106,7 +106,7 @@ func mustNewTLSMux() (net.Listener, *tcp.Mux) {
key := x509.KeyFile("")
defer os.Remove(key)
mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", "", true, false)
mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", true, false)
if err != nil {
panic(fmt.Sprintf("failed to create TLS mux: %s", err))
}

@ -405,7 +405,7 @@ func startNodeMux(cfg *Config, ln net.Listener) (*tcp.Mux, error) {
}
log.Println(b.String())
mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert,
cfg.NodeVerifyClientName, cfg.NoNodeVerify, cfg.NodeVerifyClient)
cfg.NoNodeVerify, cfg.NodeVerifyClient)
} else {
mux, err = tcp.NewMux(ln, adv)
}
@ -439,7 +439,7 @@ func createClusterClient(cfg *Config, clstr *cluster.Service) (*cluster.Client,
var err error
if cfg.NodeX509Cert != "" || cfg.NodeX509CACert != "" {
dialerTLSConfig, err = rtls.CreateClientConfig(cfg.NodeX509Cert, cfg.NodeX509Key,
cfg.NodeVerifyClientName, cfg.NodeX509CACert, cfg.NoNodeVerify)
cfg.NodeVerifyServerName, cfg.NodeX509CACert, cfg.NoNodeVerify)
if err != nil {
return nil, fmt.Errorf("failed to create TLS config for cluster dialer: %s", err.Error())
}
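Review bot: The third and fourth arguments to `rtls.CreateClientConfig` appear in opposite orders within this commit: here in createClusterClient the call passes `cfg.NodeVerifyServerName, cfg.NodeX509CACert`, while the mustNewDialer and Test_DialerHeaderTLS hunks pass `rtls.NoCACert, rtls.NoServerName`. These parameters are all strings, so the compiler accepts either order, and the function's signature is not visible on this page. If the order is (cert, key, caCert, serverName, noverify), as the named constants suggest, this call would supply the server name as the CA file and the CA path as the name to verify, and the line should read `cfg.NodeX509CACert, cfg.NodeVerifyServerName, cfg.NoNodeVerify)`. If the order is the other way round, the two constant-based calls need swapping instead. createClusterClient's body continues outside the hunk.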

@ -775,7 +775,7 @@ func mustNewOpenTLSMux(certFile, keyPath, addr string) *tcp.Mux {
}
var mux *tcp.Mux
mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", "", true, false)
mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", true, false)
if err != nil {
panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error()))
}

@ -381,7 +381,7 @@ func mustNewDialer(header byte, remoteEncrypted, skipVerify bool) *tcp.Dialer {
var tlsConfig *tls.Config
var err error
if remoteEncrypted {
tlsConfig, err = rtls.CreateClientConfig("", "", "", "", skipVerify)
tlsConfig, err = rtls.CreateClientConfig("", "", rtls.NoCACert, rtls.NoServerName, skipVerify)
if err != nil {
panic(fmt.Sprintf("failed to create client TLS config: %s", err))
}

@ -57,7 +57,7 @@ func Test_DialerHeaderTLS(t *testing.T) {
defer os.Remove(key)
go s.Start(t)
tlsConfig, err := rtls.CreateClientConfig("", "", "", "", true)
tlsConfig, err := rtls.CreateClientConfig("", "", rtls.NoCACert, rtls.NoServerName, true)
if err != nil {
t.Fatalf("failed to create TLS config: %s", err.Error())
}

@ -97,7 +97,7 @@ func NewMux(ln net.Listener, adv net.Addr) (*Mux, error) {
// using TLS. If adv is nil, then the addr of ln is used. If insecure is true,
// then the server will not verify the client's certificate. If mutual is true,
// then the server will require the client to present a trusted certificate.
func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert, serverName string, insecure, mutual bool) (*Mux, error) {
func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure, mutual bool) (*Mux, error) {
mux, err := NewMux(ln, adv)
if err != nil {
return nil, err
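Review bot: The doc comment above NewTLSMux explains `insecure` and `mutual` but says nothing about `caCert`, and it does not say which flag wins when both `insecure` and `mutual` are true. With `serverName` dropped from the signature this is a good moment to spell that out, since every caller passes these as positional strings and bools. I would add a line such as `// caCert is the CA file used to verify client certificates; if empty, <fallback behaviour>.` and one stating the outcome of `insecure && mutual`, both worded after checking the function body, which continues outside the hunk.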

@ -176,7 +176,7 @@ func TestTLSMux(t *testing.T) {
key := x509.KeyFile("")
defer os.Remove(key)
mux, err := NewTLSMux(tcpListener, nil, cert, key, "", "", true, false)
mux, err := NewTLSMux(tcpListener, nil, cert, key, "", true, false)
if err != nil {
t.Fatalf("failed to create mux: %s", err.Error())
}
@ -199,7 +199,7 @@ func TestTLSMux(t *testing.T) {
func TestTLSMux_Fail(t *testing.T) {
tcpListener := mustTCPListener("127.0.0.1:0")
defer tcpListener.Close()
_, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", "", true, false)
_, err := NewTLSMux(tcpListener, nil, "xxxx", "yyyy", "", true, false)
if err == nil {
t.Fatalf("created mux unexpectedly with bad resources")
}
