tls config needs ServerName #22
Description
Trying to post to a server that uses SSL, I set up my config like so:
[server "us.bintube.com"]
Address=us.bintube.com
Port=563
... (personal and unrelated info omitted) ...
; Encryption - 'on', 'off', whatever.
TLS=on
; Ignore SSL errors like self-signed certificates. This is a pretty bad idea.
InsecureSSL=off
When I tried to post, I got this error message:
CRITICAL [us.bintube.com] Error while connecting: tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
Agreeing with your observation that ignoring SSL errors was "a pretty bad idea", I tried to fix the problem without doing that. I changed simplenntp/simplenntp.go, line 73 from this:
tlsConn := tls.Client(conn, &tls.Config{InsecureSkipVerify: insecureSSL})
to this:
tlsConn := tls.Client(conn, &tls.Config{InsecureSkipVerify: insecureSSL, ServerName: address})
and it fixed the problem. I don't see how this can hurt, and it seems likely to always be necessary when using SSL, but I know next to nothing about nntp, SSL, or go, so I'm just letting you know my experience and my workaround. If this is a good, general fix, hopefully you'll release it.