The HTTP2 :authority header frequently contains the port along with the hostname. The ValidateAuthority method should strip the port, if it exists, before calling VerifyHostname.
```go
func (t TLSInfo) ValidateAuthority(authority string) error {
	var errs []error
	for _, cert := range t.State.PeerCertificates {
		var err error
		if err = cert.VerifyHostname(authority); err == nil {
			return nil
		}
		errs = append(errs, err)
	}
	return fmt.Errorf("credentials: invalid authority %q: %v", authority, errors.Join(errs...))
}
```
We should also add a test to verify the correct behaviour.
Referenced code: grpc-go/credentials/tls.go, lines 57 to 67 in 50c6321
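The behaviour described in this issue, as an added example (not grpc-go's code and not the project's fix): `VerifyHostname` rejects an authority that still carries a port, and accepts it once the port is removed. `hostOnly` and `must` are hypothetical helpers, and the self-signed certificate for `example.test` and `::1` is constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
)

// hostOnly (hypothetical helper) drops a trailing ":port" from an authority.
// Inputs without a port ("example.test", "::1", "[::1]") make SplitHostPort
// return an error and are passed through unchanged.
func hostOnly(authority string) string {
	if host, _, err := net.SplitHostPort(authority); err == nil {
		return host
	}
	return authority
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// constructedCert builds a throwaway self-signed certificate (sample data).
// VerifyHostname only inspects the SANs, so validity dates are left unset.
func constructedCert() *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example.test"},
		IPAddresses:  []net.IP{net.ParseIP("::1")},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func main() {
	cert := constructedCert()
	for _, a := range []string{"example.test:443", "[::1]:443", "example.test", "other.test:443"} {
		raw, stripped := cert.VerifyHostname(a), cert.VerifyHostname(hostOnly(a))
		fmt.Printf("%-18q raw ok=%-5v stripped ok=%v\n", a, raw == nil, stripped == nil)
	}
}
```

A bracketed IPv6 authority such as `[::1]:443` is the case a naive split on the last colon gets wrong; `net.SplitHostPort` returns the bare `::1`, which matches the certificate's IP SAN.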