Certificates with IP addresses does not work with this change
javidh opened this issue · 2 comments
With this change, if we have a certificate for an ip address, it will throw an error:
It's not clear to me why this has been added but in many scenarios (especially with k8s structure where certificates are for ip addresses), this will break.
I actually don't really recall what that was for. I want to say it was related to the tests, or perhaps I just didn't think it was possible to generate a cert with an IP address. In any case, it seems like the tests pass with the check removed (see #312).
FWIW, Node prints this warning when an IP address is used for servername:
(node:28639) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Usenode --trace-deprecation ...to show where the warning was created)