From 72a8fa484b420a5c7e009c81ab9480c934f7d452 Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin
Date: Fri, 12 Mar 2021 10:40:55 +0200
Subject: [PATCH] lib/proxy: set proxy address in tls.Config.ServerName instead of the target address

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1116

---
 lib/proxy/proxy.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/proxy/proxy.go b/lib/proxy/proxy.go
index 8582a83ae..8222b035f 100644
--- a/lib/proxy/proxy.go
+++ b/lib/proxy/proxy.go
@@ -93,19 +93,21 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
 if authHeader != "" {
 authHeader = "Proxy-Authorization: " + authHeader + "\r\n"
 }
- tlsCfg := ac.NewTLSConfig()
+ var tlsCfg *tls.Config
+ if isTLS {
+ tlsCfg = ac.NewTLSConfig()
+ if !tlsCfg.InsecureSkipVerify && tlsCfg.ServerName == "" {
+ tlsCfg = tlsCfg.Clone()
+ tlsCfg.ServerName = tlsServerName(proxyAddr)
+ }
+ }
 dialFunc := func(addr string) (net.Conn, error) {
 proxyConn, err := defaultDialFunc(proxyAddr)
 if err != nil {
 return nil, fmt.Errorf("cannot connect to proxy %q: %w", pu.Redacted(), err)
 }
 if isTLS {
- tlsCfgLocal := tlsCfg
- if !tlsCfgLocal.InsecureSkipVerify && tlsCfgLocal.ServerName == "" {
- tlsCfgLocal = tlsCfgLocal.Clone()
- tlsCfgLocal.ServerName = tlsServerName(addr)
- }
- proxyConn = tls.Client(proxyConn, tlsCfgLocal)
+ proxyConn = tls.Client(proxyConn, tlsCfg)
 }
 conn, err := sendConnectRequest(proxyConn, proxyAddr, addr, authHeader)
 if err != nil {
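Review bot: The `tlsCfg.ServerName == ""` guard keeps any ServerName already present in the config returned by `ac.NewTLSConfig()`, so the proxy certificate is checked against the proxy host only when `ac` leaves that field empty. The hunk does not show whether `ac` holds proxy-specific TLS settings or the target's. If it is the target's, a configured server name would make the proxy handshake verify against the wrong host, and an `InsecureSkipVerify` meant for the target would also switch off verification of the proxy. It is worth confirming this at the call site and recording the intent above the new block, e.g. `// tlsCfg protects the hop to the proxy, so ServerName must name the proxy host, not the CONNECT target.` NewDialFunc starts and ends outside this hunk.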