Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
When support for Unix sockets was introduced it was necessary to also explicitly set the `ServerName` in the TLS configuration to the host name of the target host, otherwise the Go library would send the Unix socket name as the host, something like `Host: /tmp/my.socket`. But the TCP client is shared for all hosts, for example for _api.openshift.com_ and _sso.redhat.com_. So if the first request happens to be a request to _sso.redhat.com_ (it will usually be) the HTTP client will use _sso.redhat.com_ as the TLS server name also for API requests, not only for SSO requests. In this case the API server happens to be behind an OpenShift router that uses SNI to select the target service and certificates. As there is no _sso.redhat.com_ target behind that OpenShift router it returns the default, which fails validation against the _sso.redhat.com_ name. To address that this patch changes the SDK so that it uses a different client for each host. Related: #356 Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>
- Loading branch information