go/pki: allow overriding host in client
Change-Id: I5d913d6056efc5128c26ffe4db962fdb86b08315
diff --git a/go/pki/grpc.go b/go/pki/grpc.go
index 313f4a9..44099c0 100644
--- a/go/pki/grpc.go
+++ b/go/pki/grpc.go
@@ -235,7 +235,15 @@
return []grpc.ServerOption{creds, interceptor}
}
-func WithClientHSPKI() grpc.DialOption {
+type ClientHSPKIOption func(c *tls.Config)
+
+func OverrideServerName(name string) ClientHSPKIOption {
+ return func(c *tls.Config) {
+ c.ServerName = name
+ }
+}
+
+func WithClientHSPKI(opts ...ClientHSPKIOption) grpc.DialOption {
if !flag.Parsed() {
glog.Exitf("WithServerHSPKI called before flag.Parse!")
}
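Review bot: `ClientHSPKIOption` is exported as `func(c *tls.Config)`, so any importing package can write an option that sets `InsecureSkipVerify` or swaps `RootCAs`, and the loop added in the second hunk runs options after the PKI fields are filled in, so such an option would win. Narrowing the option to an unexported settings struct that carries only the server name keeps the override this commit wants without exposing the rest of the TLS config. Both new exported identifiers also lack doc comments; the one on `OverrideServerName` should state that the name replaces the identity the server certificate is verified against, not the address that is dialled. The body of `WithClientHSPKI` continues outside this hunk.

```go
// clientHSPKIOptions holds the settings a caller may override.
type clientHSPKIOptions struct {
	serverName string
}

// ClientHSPKIOption adjusts the client credentials built by WithClientHSPKI.
type ClientHSPKIOption func(o *clientHSPKIOptions)

// OverrideServerName makes the client verify the server certificate against
// name instead of the default server name.
func OverrideServerName(name string) ClientHSPKIOption {
	return func(o *clientHSPKIOptions) {
		o.serverName = name
	}
}

// … in WithClientHSPKI: apply opts to a clientHSPKIOptions value, then copy serverName into the tls.Config …
```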
@@ -258,9 +266,15 @@
glog.Exitf("WithClientHSPKI: cannot load service certificate/key: %v", err)
}
- creds := credentials.NewTLS(&tls.Config{
+ config := &tls.Config{
Certificates: []tls.Certificate{clientCert},
RootCAs: certPool,
- })
+ }
+
+ for _, opt := range opts {
+ opt(config)
+ }
+
+ creds := credentials.NewTLS(config)
return grpc.WithTransportCredentials(creds)
}
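Review bot: A nil entry in `opts` makes `opt(config)` panic inside the new loop; guarding the call with `if opt != nil { opt(config) }` keeps a conditionally built option list from crashing client setup. Because an override changes which identity the server certificate is checked against, it is also worth logging the effective value once after the loop when it is non-empty, e.g. `glog.Infof("WithClientHSPKI: server name overridden to %q", config.ServerName)`. The function starts outside this hunk.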