aboutsummaryrefslogtreecommitdiffstats
path: root/modules/auth/ldap
diff options
context:
space:
mode:
authorPaul Tötterman <ptman@users.noreply.github.com>2016-06-01 11:11:28 +0300
committerUnknwon <u@gogs.io>2016-06-01 01:11:28 -0700
commitfb970b9d87ef662e429e651da459445d91020ccf (patch)
treec0389cdb86c53d18cd15f9e9d33da5b89d98c683 /modules/auth/ldap
parent0240f520ab2565749b7244e79ca2f30f780af46d (diff)
downloadgitea-fb970b9d87ef662e429e651da459445d91020ccf.tar.gz
gitea-fb970b9d87ef662e429e651da459445d91020ccf.zip
Add ServerName to tls.Config in LDAP auth (#3104)
From https://godoc.org/crypto/tls#Config ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. This is needed for certificate validation without InsecureSkipVerify.
Diffstat (limited to 'modules/auth/ldap')
-rw-r--r--modules/auth/ldap/ldap.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 8a8cb89b67..0875ec3dae 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -213,6 +213,7 @@ func ldapDial(ls *Source) (*ldap.Conn, error) {
if ls.UseSSL {
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+ ServerName: ls.Host,
InsecureSkipVerify: ls.SkipVerify,
})
} else {