go/pki: allow overriding host in client

Change-Id: I5d913d6056efc5128c26ffe4db962fdb86b08315
diff --git a/go/pki/grpc.go b/go/pki/grpc.go
index 313f4a9..44099c0 100644
--- a/go/pki/grpc.go
+++ b/go/pki/grpc.go
@@ -235,7 +235,15 @@
 	return []grpc.ServerOption{creds, interceptor}
 }
 
-func WithClientHSPKI() grpc.DialOption {
+type ClientHSPKIOption func(c *tls.Config)
+
+func OverrideServerName(name string) ClientHSPKIOption {
+	return func(c *tls.Config) {
+		c.ServerName = name
+	}
+}
+
+func WithClientHSPKI(opts ...ClientHSPKIOption) grpc.DialOption {
 	if !flag.Parsed() {
 		glog.Exitf("WithServerHSPKI called before flag.Parse!")
 	}
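Review bot: The new exported `ClientHSPKIOption` and `OverrideServerName` have no doc comments, and nothing tells a caller that the override changes the name the server certificate is verified against. I would add `// ClientHSPKIOption adjusts the TLS configuration built by WithClientHSPKI.` above the type and `// OverrideServerName makes the client verify the server certificate against name instead of the dialled host.` above the function. The second comment should also say what an empty `name` does; the gRPC TLS credentials presumably fall back to the dial authority when `ServerName` is empty, but that should be confirmed. Separately, the `glog.Exitf` context line in `WithClientHSPKI` reports `WithServerHSPKI called before flag.Parse!`, which points at the wrong function. `WithClientHSPKI`'s body continues outside this hunk.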
@@ -258,9 +266,15 @@
 		glog.Exitf("WithClientHSPKI: cannot load service certificate/key: %v", err)
 	}
 
-	creds := credentials.NewTLS(&tls.Config{
+	config := &tls.Config{
 		Certificates: []tls.Certificate{clientCert},
 		RootCAs:      certPool,
-	})
+	}
+
+	for _, opt := range opts {
+		opt(config)
+	}
+
+	creds := credentials.NewTLS(config)
 	return grpc.WithTransportCredentials(creds)
 }
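Review bot: The `for _, opt := range opts` loop hands every option the fully built `*tls.Config` after `Certificates` and `RootCAs` are set, so a caller-written `ClientHSPKIOption` can replace the trust pool or set `InsecureSkipVerify`, not just change the server name. A nil entry in `opts` would also panic at `opt(config)`. Applying the options to a scratch config and copying only `ServerName` across keeps the override limited to what the commit title describes. A narrower, opaque option type would be the cleaner long-term shape. The start of `WithClientHSPKI` is outside this hunk.

```go
	// … unchanged: config built with Certificates and RootCAs …

	// Options run against a scratch config so they cannot alter the pinned
	// client certificate or trust pool; only the server name is carried over.
	var scratch tls.Config
	for _, opt := range opts {
		if opt != nil {
			opt(&scratch)
		}
	}
	config.ServerName = scratch.ServerName

	// … unchanged: credentials.NewTLS(config) and return …
```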