add InsecureSkipServerNameVerify to tls.Config (#158)

* add InsecureSkipServerNameVerify to tls.Config * Support clone InsecureSkipServerNameVerify, update error message
2025-04-03 20:17:36 +03:00 · 2023-02-04 21:10:59 +00:00 · 2023-02-04 21:10:59 +00:00 · d139a4a652
commit d139a4a652
parent a3b55c90c4
4 changed files with 55 additions and 35 deletions
--- a/handshake_client.go
+++ b/handshake_client.go
@ -40,9 +40,13 @@ var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme

 func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
 	config := c.config
-	if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
-		return nil, nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
+
+	// [UTLS SECTION START]
+	skipServerNameVerify := config.InsecureSkipVerify || config.InsecureSkipServerNameVerify
+	if len(config.ServerName) == 0 && !skipServerNameVerify {
+		return nil, nil, errors.New("tls: at least one of ServerName, InsecureSkipVerify or InsecureSkipServerNameVerify must be specified in the tls.Config")
 	}
+	// [UTLS SECTION END]

 	nextProtosLength := 0
 	for _, proto := range config.NextProtos {
@ -874,13 +878,18 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 	}

 	if !c.config.InsecureSkipVerify {
+		// [UTLS SECTION START]
 		opts := x509.VerifyOptions{
 			Roots:         c.config.RootCAs,
 			CurrentTime:   c.config.time(),
-			DNSName:       c.config.ServerName,
 			Intermediates: x509.NewCertPool(),
 		}

+		if !c.config.InsecureSkipServerNameVerify {
+			opts.DNSName = c.config.ServerName
+		}
+		// [UTLS SECTION END]
+
 		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)
 		}