Merge pull request #56415 from liggitt/tls-cache-key

Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Include ServerName in tls transport cache key Fixes #56385 ```release-note Fixes server name verification of aggregated API servers and webhook admission endpoints ``` Kubernetes-commit: a46153e2f988382535aaf27a5a90b13b6c10712b
2025-06-26 23:17:34 +00:00 · 2017-11-27 16:04:31 -08:00 · 2017-11-27 16:04:31 -08:00 · 84b6352f98
commit 84b6352f98
parent b59eb049cd fdf7e51f22
3 changed files with 723 additions and 709 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
--- a/transport/cache.go
+++ b/transport/cache.go
@ -88,5 +88,5 @@ func tlsConfigKey(c *Config) (string, error) {
 		return "", err
 	}
 	// Only include the things that actually affect the tls.Config
-	return fmt.Sprintf("%v/%x/%x/%x", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData), nil
+	return fmt.Sprintf("%v/%x/%x/%x/%v", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData, c.TLS.ServerName), nil
 }
--- a/transport/cache_test.go
+++ b/transport/cache_test.go
@ -62,6 +62,20 @@ func TestTLSConfigKey(t *testing.T) {
 				KeyData:  []byte{1},
 			},
 		},
+		"cert 1, key 1, servername 1": {
+			TLS: TLSConfig{
+				CertData:   []byte{1},
+				KeyData:    []byte{1},
+				ServerName: "1",
+			},
+		},
+		"cert 1, key 1, servername 2": {
+			TLS: TLSConfig{
+				CertData:   []byte{1},
+				KeyData:    []byte{1},
+				ServerName: "2",
+			},
+		},
 		"cert 1, key 2": {
 			TLS: TLSConfig{
 				CertData: []byte{1},