ServerName not used?
mdosch opened this issue · 0 comments
mdosch commented
According to [1] ServerName should be used to verify the cert:
    // ServerName is used to verify the hostname on the returned
    // certificates unless InsecureSkipVerify is given. It is also included
    // in the client's handshake to support virtual hosting unless it is
    // an IP address.
    ServerName string
But when I connect to e.g. the server xmpp.example.org:443 with the user user@example.org and set ServerName like the following example I get this error:
2020/04/05 21:04:35 x509: certificate is valid for example.org, [other domains but not xmpp.example.org] not xmpp.example.org
    var tlsConfig tls.Config
    tlsConfig.ServerName = strings.Split(user, "@")[1]
    tlsConfig.NextProtos = append(tlsConfig.NextProtos, "xmpp-client")
    // Set XMPP connection options.
    options := xmpp.Options{
        Host: server,
        User: user,
        [...]
        TLSConfig: &tlsConfig,
    }
As I understand the explanation from crypto/tls, it should not fail, as it should check for example.org and not xmpp.example.org although connecting to xmpp.example.org. That's why I suspect the library is ignoring my setting of ServerName.