Fix serverName config bug for tls health checks

The option was available but without effect.
appclacks · Dec 24, 2022 · fd225f2 · fd225f2
1 parent 8517d98
commit fd225f2
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 6 deletions.
diff --git a/discovery/http/root.go b/discovery/http/root.go
@@ -33,7 +33,7 @@ type HTTPDiscovery struct {
 // New creates a new HTTP Discovery
 func New(logger *zap.Logger, config *Configuration, checkComponent *healthcheck.Component, counter *prom.CounterVec, histogram *prom.HistogramVec) (*HTTPDiscovery, error) {
 	protocol := "http"
-	tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, config.Insecure)
+	tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, "", config.Insecure)
 	if err != nil {
 		return nil, err
 	}

diff --git a/exporter/http.go b/exporter/http.go
@@ -65,7 +65,7 @@ func (c *HTTPConfiguration) UnmarshalYAML(unmarshal func(interface{}) error) err
 // NewHTTPExporter creates a new HTTP exporter
 func NewHTTPExporter(logger *zap.Logger, config *HTTPConfiguration) (*HTTPExporter, error) {
 	protocol := "http"
-	tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, config.Insecure)
+	tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, "", config.Insecure)
 	if err != nil {
 		return nil, err
 	}

diff --git a/exporter/riemann.go b/exporter/riemann.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-	"github.com/riemann/riemann-go-client"
+	riemanngo "github.com/riemann/riemann-go-client"
 	"go.uber.org/zap"
 
 	"github.com/mcorbin/cabourotte/healthcheck"
@@ -64,7 +64,7 @@ func getClient(config *RiemannConfiguration) (riemanngo.Client, error) {
 	var client riemanngo.Client
 	url := net.JoinHostPort(config.Host, fmt.Sprintf("%d", config.Port))
 	if config.Key != "" || config.Cert != "" || config.Cacert != "" {
-		tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, config.Insecure)
+		tlsConfig, err := tls.GetTLSConfig(config.Key, config.Cert, config.Cacert, "", config.Insecure)
 		if err != nil {
 			return nil, errors.Wrapf(err, "Fail to build the Riemann exporter tls configuration")
 		}

diff --git a/healthcheck/tls.go b/healthcheck/tls.go
@@ -102,7 +102,7 @@ func (h *TLSHealthcheck) buildURL() {
 // Initialize the healthcheck.
 func (h *TLSHealthcheck) Initialize() error {
 	h.buildURL()
-	tlsConfig, err := tls.GetTLSConfig(h.Config.Key, h.Config.Cert, h.Config.Cacert, h.Config.Insecure)
+	tlsConfig, err := tls.GetTLSConfig(h.Config.Key, h.Config.Cert, h.Config.Cacert, h.Config.ServerName, h.Config.Insecure)
 	if err != nil {
 		return err
 	}

diff --git a/tls/tls.go b/tls/tls.go
@@ -10,7 +10,7 @@ import (
 )
 
 // GetTLSConfig returns a tls configuration
-func GetTLSConfig(keyPath string, certPath string, cacertPath string, insecure bool) (*tls.Config, error) {
+func GetTLSConfig(keyPath string, certPath string, cacertPath string, serverName string, insecure bool) (*tls.Config, error) {
 	tlsConfig := &tls.Config{}
 	if keyPath != "" {
 		cert, err := tls.LoadX509KeyPair(certPath, keyPath)
@@ -32,6 +32,9 @@ func GetTLSConfig(keyPath string, certPath string, cacertPath string, insecure b
 		tlsConfig.RootCAs = caCertPool
 
 	}
+	if serverName != "" {
+		tlsConfig.ServerName = serverName
+	}
 	tlsConfig.InsecureSkipVerify = insecure
 	return tlsConfig, nil
 }