authorPaul Tötterman <ptman@users.noreply.github.com>2016-06-01 11:11:28 +0300
committerUnknwon <u@gogs.io>2016-06-01 01:11:28 -0700
commitfb970b9d87ef662e429e651da459445d91020ccf (patch)
treec0389cdb86c53d18cd15f9e9d33da5b89d98c683
parent0240f520ab2565749b7244e79ca2f30f780af46d (diff)
Add ServerName to tls.Config in LDAP auth (#3104)
From https://godoc.org/crypto/tls#Config ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. This is needed for certificate validation without InsecureSkipVerify.
-rw-r--r--modules/auth/ldap/ldap.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 8a8cb89b67..0875ec3dae 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -213,6 +213,7 @@ func ldapDial(ls *Source) (*ldap.Conn, error) {
if ls.UseSSL {
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+ ServerName: ls.Host,
InsecureSkipVerify: ls.SkipVerify,
})
} else {
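Review bot: The added `ServerName: ls.Host` only takes part in verification when `ls.SkipVerify` is false. With it true, the certificate and hostname go unchecked and the LDAP bind travels over an unauthenticated channel, yet the only trace is the `log.Debug` line two lines above the new field. I would surface that at warning level, e.g. `if ls.SkipVerify { log.Warn("LDAP TLS certificate verification is disabled for %s", ls.Host) }`, and document the new field with `// ServerName is the name the server certificate is checked against; not verified when SkipVerify is set`. When `ls.Host` is an IP literal, the certificate needs a matching IP SAN for verification to pass, which is worth noting in the same comment. The `else` branch and the rest of ldapDial lie outside the hunk, so the non-TLS path is not covered here.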