Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply DefaultServerName more broadly during handshake #287

Merged
merged 1 commit into from
May 13, 2024
Merged

Apply DefaultServerName more broadly during handshake #287

merged 1 commit into from
May 13, 2024

Conversation

mholt
Copy link
Member

@mholt mholt commented May 7, 2024

Currently, we only use DefaultServerName for choosing a certificate. This doesn't make a lot of sense, because if that is set to a name that doesn't have a cert managed for it, it will not be of much use because we'd use the IP address to fill in an empty ServerName when doing logic, but only using DefaultServerName when loading the certs. So things didn't line up sometimes.

This change makes it so that DefaultServerName will always be used as the ServerName when it was empty, meaning that the IP address will never be used as the "name". This is more expected behavior. (So obviously, if you WANT to serve your IP address over TLS, then don't set DefaultServerName.)

This is being deployed soon to a production environment but is so far working well in staging. Likely to be merged into mainstream CM.

ArturFortunato
ArturFortunato reviewed May 13, 2024
View reviewed changes
Copy link

@ArturFortunato ArturFortunato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving our feedback here, since we we're the ones that asked for this: This setup does seem to work, we had this running in production for > 1 week with no issues whatsoever!

@mholt
Copy link
Member Author

mholt commented May 13, 2024

Awesome!! I'll merge it in.

@mholt mholt merged commit 8ac11fa into master May 13, 2024
6 checks passed
@mholt mholt deleted the default-sni branch May 13, 2024 15:08
@ankon ankon mentioned this pull request Oct 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArturFortunato ArturFortunato ArturFortunato left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mholt @ArturFortunato