Mathias Gottschlag created THRIFT-3009:
------------------------------------------

             Summary: TSSLSocket does not use the correct hostname (breaks certificate checks)
                 Key: THRIFT-3009
                 URL: https://issues.apache.org/jira/browse/THRIFT-3009
             Project: Thrift
          Issue Type: Bug
          Components: Go - Library
            Reporter: Mathias Gottschlag


TSSLSocket first resolves the specified hostname from NewTSSLSocket, and then 
passes the IP to tls.Dial. This is wrong because tls.Dial performs TLS 
certificate checks and needs the original hostname. The result is that TLS 
support is completely broken as the only way to make a successful connection is 
to disable the hostname check.

I'd propose (and will upload a patch in a minute) that TSSLSocket gets a field 
hostPort (in addition to addr) which contains the unresolved hostname. Open() 
then uses one of the two fields, depending on which one was specified in the 
constructor.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)