ensure tls server name is used in transport

Kubernetes-commit: 6f657424743e93d064f8975a930941ba73f53110
2025-08-31 14:44:50 +00:00 · 2018-04-17 00:59:27 -04:00
parent 015563ab58
commit d23614d7ea
2 changed files with 8 additions and 1 deletions
--- a/transport/transport.go
+++ b/transport/transport.go
@@ -52,7 +52,7 @@ func New(config *Config) (http.RoundTripper, error) {
 // TLSConfigFor returns a tls.Config that will provide the transport level security defined
 // by the provided Config. Will return nil if no transport level security is requested.
 func TLSConfigFor(c *Config) (*tls.Config, error) {
-	if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure) {
+	if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
 		return nil, nil
 	}
 	if c.HasCA() && c.TLS.Insecure {
--- a/transport/transport_test.go
+++ b/transport/transport_test.go
@@ -101,6 +101,13 @@ func TestNew(t *testing.T) {
 			Config:  &Config{},
 		},

+		"server name": {
+			TLS: true,
+			Config: &Config{TLS: TLSConfig{
+				ServerName: "foo",
+			}},
+		},
+
 		"ca transport": {
 			TLS: true,
 			Config: &Config{