octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2025-02-02 11:58:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

lib/api: Set ServerName on LDAPS connections (fixes #6450) (#6451)

Browse Source 
tls.Dial needs it for certificate verification.
This commit is contained in:
Jakob Borg 2020-03-24 12:56:43 +01:00 committed by GitHub
parent ddfa82e990
commit ca89f12be6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/api/api_auth.go
View File

@ -11,6 +11,7 @@ import (
"crypto/tls" "crypto/tls"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@ -130,10 +131,16 @@ func authStatic(username string, password string, configUser string, configPassw
func authLDAP(username string, password string, cfg config.LDAPConfiguration) bool { func authLDAP(username string, password string, cfg config.LDAPConfiguration) bool {
address := cfg.Address address := cfg.Address
hostname, _, err := net.SplitHostPort(address)
if err != nil {
hostname = address
}
var connection *ldap.Conn var connection *ldap.Conn
var err error
if cfg.Transport == config.LDAPTransportTLS { if cfg.Transport == config.LDAPTransportTLS {
connection, err = ldap.DialTLS("tcp", address, &tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify}) connection, err = ldap.DialTLS("tcp", address, &tls.Config{
ServerName: hostname,
InsecureSkipVerify: cfg.InsecureSkipVerify,
})
} else { } else {
connection, err = ldap.Dial("tcp", address) connection, err = ldap.Dial("tcp", address)
} }