[Issue 489] TLS fix for certificate that does not include IP SANS, sa…

…ve hostname before switching to physical addr (#812) * Save hostname before switching to physical addr for TLS Resolved #489 * merged master * Changed log level to Debug for TLS IP SANS fix
apache · Nov 2, 2022 · 44b64aa · 44b64aa
1 parent 4e6915d
commit 44b64aa
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/pulsar/client_impl.go b/pulsar/client_impl.go
@@ -75,6 +75,7 @@ func newClient(options ClientOptions) (Client, error) {
 			CertFile:                options.TLSCertificateFile,
 			TrustCertsFilePath:      options.TLSTrustCertsFilePath,
 			ValidateHostname:        options.TLSValidateHostname,
+			ServerName:              url.Hostname(),
 		}
 	default:
 		return nil, newError(InvalidConfiguration, fmt.Sprintf("Invalid URL scheme '%s'", url.Scheme))

diff --git a/pulsar/internal/connection.go b/pulsar/internal/connection.go
@@ -48,6 +48,7 @@ type TLSOptions struct {
 	TrustCertsFilePath      string
 	AllowInsecureConnection bool
 	ValidateHostname        bool
+	ServerName              string
 }
 
 var (
@@ -977,7 +978,12 @@ func (c *connection) getTLSConfig() (*tls.Config, error) {
 	}
 
 	if c.tlsOptions.ValidateHostname {
-		tlsConfig.ServerName = c.physicalAddr.Hostname()
+		if c.tlsOptions.ServerName != "" {
+			tlsConfig.ServerName = c.tlsOptions.ServerName
+		} else {
+			tlsConfig.ServerName = c.physicalAddr.Hostname()
+		}
+		c.log.Debugf("getTLSConfig(): setting tlsConfig.ServerName = %+v", tlsConfig.ServerName)
 	}
 
 	if c.tlsOptions.CertFile != "" || c.tlsOptions.KeyFile != "" {