//go:build go1.15
// +build go1.15
package msdsn
import (
"crypto/tls"
"crypto/x509"
"fmt"
)
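// setupTLSCommonName configures config so that a server certificate whose
// Common Name (CN) contains ":" can still be verified. As written it always
// returns nil.
//
// Fix for https://github.com/denisenkom/go-mssqldb/issues/704: a CN containing
// the non-standard ":" character makes normal certificate verification fail.
// VerifyConnection runs only after that normal verification, so the built-in
// check is switched off with InsecureSkipVerify and the callback installed here
// takes over. It is meant for the case where SetupTLS() was called with
// "insecureSkipVerify=false", i.e. the caller asked for verification.
//
// Security notes for maintainers:
//   - With InsecureSkipVerify set, the callback below is the ONLY certificate
//     check on the connection. Replacing or clearing config.VerifyConnection
//     afterwards leaves the connection unauthenticated.
//   - The name check is an exact string comparison of the leaf certificate's
//     Subject CN with cs.ServerName; Subject Alternative Names are not consulted.
//   - The certificates in pem are passed to x509 as Intermediates and Roots is
//     nil, so the chain has to end at a root from the system trust store.
//     NOTE(review): if pem is meant to be a private trust anchor, confirm this
//     against the SetupTLS caller.
//   - The result of AppendCertsFromPEM is not checked; a pem with no parsable
//     certificate yields an empty intermediates pool rather than an error.
func setupTLSCommonName(config *tls.Config, pem []byte) error {
	// Parse the PEM bundle once instead of on every handshake. Verify only
	// reads the pool, so sharing it between connections is fine.
	intermediates := x509.NewCertPool()
	intermediates.AppendCertsFromPEM(pem)

	config.InsecureSkipVerify = true
	config.VerifyConnection = func(cs tls.ConnectionState) error {
		// Fail the handshake with an error instead of panicking on an
		// index-out-of-range if no peer certificate is available.
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("no peer certificate presented, expected %q", cs.ServerName)
		}
		leaf := cs.PeerCertificates[0]
		if leaf.Subject.CommonName != cs.ServerName {
			return fmt.Errorf("invalid certificate name %q, expected %q", leaf.Subject.CommonName, cs.ServerName)
		}
		// DNSName is deliberately left unset: the name was matched against
		// the CN above, and x509 hostname matching is what rejects ":".
		_, err := leaf.Verify(x509.VerifyOptions{
			Roots:         nil, // nil selects the system root pool
			Intermediates: intermediates,
		})
		return err
	}
	return nil
}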