diff options
author | Paul Tötterman <ptman@users.noreply.github.com> | 2016-06-01 11:11:28 +0300 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-06-01 01:11:28 -0700 |
commit | fb970b9d87ef662e429e651da459445d91020ccf (patch) | |
tree | c0389cdb86c53d18cd15f9e9d33da5b89d98c683 /modules/auth/ldap | |
parent | 0240f520ab2565749b7244e79ca2f30f780af46d (diff) | |
download | gitea-fb970b9d87ef662e429e651da459445d91020ccf.tar.gz gitea-fb970b9d87ef662e429e651da459445d91020ccf.zip |
Add ServerName to tls.Config in LDAP auth (#3104)
From https://godoc.org/crypto/tls#Config
ServerName is used to verify the hostname on the returned
certificates unless InsecureSkipVerify is given. It is also included
in the client's handshake to support virtual hosting unless it is
an IP address.
This is needed for certificate validation without InsecureSkipVerify.
Diffstat (limited to 'modules/auth/ldap')
-rw-r--r-- | modules/auth/ldap/ldap.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 8a8cb89b67..0875ec3dae 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -213,6 +213,7 @@ func ldapDial(ls *Source) (*ldap.Conn, error) { if ls.UseSSL { log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{ + ServerName: ls.Host, InsecureSkipVerify: ls.SkipVerify, }) } else { |