From 5469c01fff5eb8d0a41dab7f49480789f8d6e99d Mon Sep 17 00:00:00 2001 From: zeeZ Date: Fri, 25 Oct 2019 19:21:45 +0200 Subject: [PATCH 1/2] Use hostname from request URL for server name verification. --- utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/utils.go b/utils/utils.go index 4fdee729..601ee7a6 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -308,7 +308,7 @@ func HttpRequest(url, method string, content interface{}, headers []string, body transport := &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: !verifySSL, - ServerName: req.Host, + ServerName: req.URL.Hostname(), }, DisableKeepAlives: true, ResponseHeaderTimeout: timeout, From 5bdc254bef0df1acfb61d38e0d51b1fc8cdd6327 Mon Sep 17 00:00:00 2001 From: zeeZ Date: Fri, 25 Oct 2019 23:05:26 +0200 Subject: [PATCH 2/2] Honor header override in hostname verification --- utils/utils.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/utils/utils.go b/utils/utils.go index 601ee7a6..bdc76ffe 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -286,12 +286,15 @@ func HttpRequest(url, method string, content interface{}, headers []string, body if content != nil { req.Header.Set("Content-Type", content.(string)) } + + verifyHost := req.URL.Hostname() for _, h := range headers { keyVal := strings.Split(h, "=") if len(keyVal) == 2 { if keyVal[0] != "" && keyVal[1] != "" { if strings.ToLower(keyVal[0]) == "host" { req.Host = strings.TrimSpace(keyVal[1]) + verifyHost = req.Host } else { req.Header.Set(keyVal[0], keyVal[1]) } @@ -308,7 +311,7 @@ func HttpRequest(url, method string, content interface{}, headers []string, body transport := &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: !verifySSL, - ServerName: req.URL.Hostname(), + ServerName: verifyHost, }, DisableKeepAlives: true, ResponseHeaderTimeout: timeout,