lib/proxy: set proxy address in tls.Config.ServerName instead of the target address

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1116
This commit is contained in:
Aliaksandr Valialkin 2021-03-12 10:40:55 +02:00
parent 60e0280a94
commit 72a8fa484b

View file

@ -93,19 +93,21 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
if authHeader != "" {
authHeader = "Proxy-Authorization: " + authHeader + "\r\n"
}
tlsCfg := ac.NewTLSConfig()
var tlsCfg *tls.Config
if isTLS {
tlsCfg = ac.NewTLSConfig()
if !tlsCfg.InsecureSkipVerify && tlsCfg.ServerName == "" {
tlsCfg = tlsCfg.Clone()
tlsCfg.ServerName = tlsServerName(proxyAddr)
}
}
dialFunc := func(addr string) (net.Conn, error) {
proxyConn, err := defaultDialFunc(proxyAddr)
if err != nil {
return nil, fmt.Errorf("cannot connect to proxy %q: %w", pu.Redacted(), err)
}
if isTLS {
tlsCfgLocal := tlsCfg
if !tlsCfgLocal.InsecureSkipVerify && tlsCfgLocal.ServerName == "" {
tlsCfgLocal = tlsCfgLocal.Clone()
tlsCfgLocal.ServerName = tlsServerName(addr)
}
proxyConn = tls.Client(proxyConn, tlsCfgLocal)
proxyConn = tls.Client(proxyConn, tlsCfg)
}
conn, err := sendConnectRequest(proxyConn, proxyAddr, addr, authHeader)
if err != nil {