[ https://issues.apache.org/jira/browse/THRIFT-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14340945#comment-14340945 ]
Hudson commented on THRIFT-3009:
--------------------------------

SUCCESS: Integrated in Thrift #1466 (See [https://builds.apache.org/job/Thrift/1466/])
THRIFT-3009 TSSLSocket does not use the correct hostname (breaks certificate checks) (jensg: rev 00a4e3e802ea68fd992e1fa0061fe6f3f39872ee)
* lib/go/thrift/ssl_socket.go

> TSSLSocket does not use the correct hostname (breaks certificate checks)
> ------------------------------------------------------------------------
>
> Key: THRIFT-3009
> URL: https://issues.apache.org/jira/browse/THRIFT-3009
> Project: Thrift
> Issue Type: Bug
> Components: Go - Library
> Reporter: Mathias Gottschlag
> Assignee: Jens Geyer
> Fix For: 0.9.3
>
> Attachments: 0001-THRIFT-3009-Make-TSSLSocket-use-the-original-hostnam.patch
>
>
> TSSLSocket first resolves the specified hostname from NewTSSLSocket, and then
> passes the IP to tls.Dial. This is wrong because tls.Dial performs TLS
> certificate checks and needs the original hostname. The result is that TLS
> support is completely broken as the only way to make a successful connection
> is to disable the hostname check.
> I'd propose (and will upload a patch in a minute) that TSSLSocket gets a
> field hostPort (in addition to addr) which contains the unresolved hostname.
> Open() then uses one of the two fields, depending on which one was specified
> in the constructor.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
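The failure described in the issue, reproduced as an added Go example (not part of the original message and not Thrift's own code): a loopback TLS server presents a certificate that names only a hostname, and the client dials the resolved IP once without and once with the original name. The hostname `thrift.example.test`, the certificate and the helpers `must`, `startServer` and `dial` are constructed for this example; setting `ServerName` stands in for handing the unresolved host:port to `tls.Dial`, so that the example needs no DNS.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// startServer (example helper) serves TLS on loopback with a constructed
// self-signed certificate that names only the DNS name host, with no IP SAN.
func startServer(host string) (string, *x509.CertPool) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	roots := x509.NewCertPool()
	roots.AddCert(must(x509.ParseCertificate(der))) // client trusts exactly this cert
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}}))
	go http.Serve(ln, nil) // stand-in server; net/http runs the TLS handshake
	return ln.Addr().String(), roots
}

// dial verifies the peer against serverName. With serverName empty, tls.Dial
// takes the name from the host part of addr, which here is the resolved IP.
func dial(addr, serverName string, roots *x509.CertPool) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: serverName})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	addr, roots := startServer("thrift.example.test") // constructed hostname
	fmt.Println("resolved IP only:", dial(addr, "", roots))
	fmt.Println("original hostname:", dial(addr, "thrift.example.test", roots))
}
```

The first dial fails with an `x509.HostnameError` although the certificate is trusted; the second succeeds with hostname verification still enabled.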