mirror of
https://github.com/octoleo/syncthing.git
synced 2024-11-09 23:00:58 +00:00
2dc2aa5d21
Our authentication is based on device ID (certificate fingerprint) but we also check the certificate name for ... historical extra security reasons. (I don't think this adds anything but it is what it is.) Since that check breaks in Go 1.15 this change does two things: - Adds a manual check for the peer certificate CommonName, and if they are equal we are happy and don't call the more advanced VerifyHostname() function. This allows our old style certificates to still pass the check. - Adds the cert name "syncthing" as a DNS SAN when generating the certificate. This is the correct way nowadays and makes VerifyHostname() happy in Go 1.15 as well, even without the above patch. |
||
|---|---|---|
| .. | ||
| tlsutil_test.go | ||
| tlsutil.go | ||