From fb970b9d87ef662e429e651da459445d91020ccf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20T=C3=B6tterman?= Date: Wed, 1 Jun 2016 11:11:28 +0300 Subject: [PATCH] Add ServerName to tls.Config in LDAP auth (#3104) From https://godoc.org/crypto/tls#Config ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. This is needed for certificate validation without InsecureSkipVerify. --- modules/auth/ldap/ldap.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 8a8cb89b6..0875ec3da 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -213,6 +213,7 @@ func ldapDial(ls *Source) (*ldap.Conn, error) { if ls.UseSSL { log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{ + ServerName: ls.Host, InsecureSkipVerify: ls.SkipVerify, }) } else {