From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Tue, 23 Jul 2013 05:39:09 +0000 (-0700)
Subject: net/http: respect tls.Config.ServerName in Transport
X-Git-Tag: go1.2rc2~968
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=baa9ca032bf257eb931f3fe82897650e21206093;p=gostls13.git

net/http: respect tls.Config.ServerName in Transport

When making an HTTPS client request, respect the
ServerName field in the tls.Config.

Fixes #5829

R=golang-dev, agl, adg
CC=golang-dev
https://golang.org/cl/11691043
---

diff --git a/src/pkg/net/http/client_test.go b/src/pkg/net/http/client_test.go
index e82fafd57f..69fa168dd4 100644
--- a/src/pkg/net/http/client_test.go
+++ b/src/pkg/net/http/client_test.go
@@ -666,6 +666,36 @@ func TestClientWithIncorrectTLSServerName(t *testing.T) {
 	}
 }
 
+// Test for golang.org/issue/5829; the Transport should respect TLSClientConfig.ServerName
+// when not empty.
+//
+// tls.Config.ServerName (non-empty, set to "example.com") takes
+// precedence over "some-other-host.tld" which previously incorrectly
+// took precedence. We don't actually connect to (or even resolve)
+// "some-other-host.tld", though, because of the Transport.Dial hook.
+//
+// The httptest.Server has a cert with "example.com" as its name.
+func TestTransportUsesTLSConfigServerName(t *testing.T) {
+	defer afterTest(t)
+	ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
+		w.Write([]byte("Hello"))
+	}))
+	defer ts.Close()
+
+	tr := newTLSTransport(t, ts)
+	tr.TLSClientConfig.ServerName = "example.com" // one of httptest's Server cert names
+	tr.Dial = func(netw, addr string) (net.Conn, error) {
+		return net.Dial(netw, ts.Listener.Addr().String())
+	}
+	defer tr.CloseIdleConnections()
+	c := &Client{Transport: tr}
+	res, err := c.Get("https://some-other-host.tld/")
+	if err != nil {
+		t.Fatal(err)
+	}
+	res.Body.Close()
+}
+
 // Verify Response.ContentLength is populated. http://golang.org/issue/4126
 func TestClientHeadContentLength(t *testing.T) {
 	defer afterTest(t)
diff --git a/src/pkg/net/http/transport.go b/src/pkg/net/http/transport.go
index 3f650ddb48..49a034b9b5 100644
--- a/src/pkg/net/http/transport.go
+++ b/src/pkg/net/http/transport.go
@@ -514,8 +514,8 @@ func (t *Transport) dialConn(cm *connectMethod) (*persistConn, error) {
 		if err = conn.(*tls.Conn).Handshake(); err != nil {
 			return nil, err
 		}
-		if t.TLSClientConfig == nil || !t.TLSClientConfig.InsecureSkipVerify {
-			if err = conn.(*tls.Conn).VerifyHostname(cm.tlsHost()); err != nil {
+		if !cfg.InsecureSkipVerify {
+			if err = conn.(*tls.Conn).VerifyHostname(cfg.ServerName); err != nil {
 				return nil, err
 			}
 		}