allow a TLS server name to be configured for SSH agents (#1720)

2025-11-02 11:38:02 +00:00 · 2016-08-23 22:06:56 -04:00
parent f8c657a80a
commit 6089d7f2d6
2 changed files with 55 additions and 1 deletions
--- a/api/ssh_agent_test.go
+++ b/api/ssh_agent_test.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 	"testing"
+	"net/http"
 )

 func TestSSH_CreateTLSClient(t *testing.T) {
@@ -30,6 +31,29 @@ func TestSSH_CreateTLSClient(t *testing.T) {
 	}
 }

+func TestSSH_CreateTLSClient_tlsServerName(t *testing.T) {
+	// Ensure that the HTTP client is associated with the configured TLS server name.
+	var tlsServerName = "tls.server.name"
+
+	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
+vault_addr = "1.2.3.4"
+tls_server_name = "%s"
+`, tlsServerName))
+	if err != nil {
+		panic(fmt.Sprintf("error loading config: %s", err))
+	}
+
+	client, err := config.NewClient()
+	if err != nil {
+		panic(fmt.Sprintf("error creating the client: %s", err))
+	}
+
+	actualTLSServerName := client.config.HttpClient.Transport.(*http.Transport).TLSClientConfig.ServerName
+	if actualTLSServerName != tlsServerName {
+		panic(fmt.Sprintf("incorrect TLS server name. expected: %s actual: %s", tlsServerName, actualTLSServerName))
+	}
+}
+
 func TestParseSSHHelperConfig(t *testing.T) {
 	config, err := ParseSSHHelperConfig(`
 		vault_addr = "1.2.3.4"
@@ -67,3 +91,20 @@ nope = "bad"
 		t.Errorf("bad error: %s", err)
 	}
 }
+
+func TestParseSSHHelperConfig_tlsServerName(t *testing.T) {
+	var tlsServerName = "tls.server.name"
+
+	config, err := ParseSSHHelperConfig(fmt.Sprintf(`
+vault_addr = "1.2.3.4"
+tls_server_name = "%s"
+`, tlsServerName))
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if config.TLSServerName != tlsServerName {
+		t.Errorf("incorrect TLS server name. expected: %s actual: %s", tlsServerName, config.TLSServerName)
+	}
+}