Fix TLS hosts for implicit connections

nats-io · Oct 16, 2023 · f6134b1 · f6134b1
1 parent 5899776
commit f6134b1
Showing 1 changed file with 17 additions and 11 deletions.
diff --git a/src/NATS.Client.Core/NatsConnection.cs b/src/NATS.Client.Core/NatsConnection.cs
@@ -265,7 +265,7 @@ private async ValueTask InitialConnectAsync()
                     {
                         // upgrade TcpConnection to SslConnection
                         var sslConnection = conn.UpgradeToSslStreamConnection(Opts.TlsOpts, _tlsCerts);
-                        await sslConnection.AuthenticateAsClientAsync(uri).ConfigureAwait(false);
+                        await sslConnection.AuthenticateAsClientAsync(FixTlsHost(uri)).ConfigureAwait(false);
                         _socket = sslConnection;
                     }
                 }
@@ -359,15 +359,7 @@ private async ValueTask SetupReaderWriterAsync(bool reconnect)
                 if (Opts.TlsOpts.TryTls(_currentConnectUri) && (WritableServerInfo!.TlsRequired || WritableServerInfo.TlsAvailable))
                 {
                     // do TLS upgrade
-                    // if the current URI is not a seed URI and is not a DNS hostname, check the server cert against the
-                    // last seed hostname if it was a DNS hostname
-                    var targetUri = _currentConnectUri;
-                    if (!_currentConnectUri.IsSeed
-                        && Uri.CheckHostName(targetUri.Host) != UriHostNameType.Dns
-                        && Uri.CheckHostName(_lastSeedConnectUri!.Host) == UriHostNameType.Dns)
-                    {
-                        targetUri = targetUri.CloneWith(_lastSeedConnectUri.Host);
-                    }
+                    var targetUri = FixTlsHost(_currentConnectUri);
 
                     _logger.LogDebug("Perform TLS Upgrade to " + targetUri);
 
@@ -495,7 +487,7 @@ private async void ReconnectLoop()
                         {
                             // upgrade TcpConnection to SslConnection
                             var sslConnection = conn.UpgradeToSslStreamConnection(Opts.TlsOpts, _tlsCerts);
-                            await sslConnection.AuthenticateAsClientAsync(url).ConfigureAwait(false);
+                            await sslConnection.AuthenticateAsClientAsync(FixTlsHost(url)).ConfigureAwait(false);
                             _socket = sslConnection;
                         }
                     }
@@ -542,6 +534,20 @@ private async void ReconnectLoop()
         }
     }
 
+    private NatsUri FixTlsHost(NatsUri uri)
+    {
+        // if the current URI is not a seed URI and is not a DNS hostname, check the server cert against the
+        // last seed hostname if it was a DNS hostname
+        if (!uri.IsSeed
+            && Uri.CheckHostName(uri.Host) != UriHostNameType.Dns
+            && Uri.CheckHostName(_lastSeedConnectUri!.Host) == UriHostNameType.Dns)
+        {
+            return uri.CloneWith(_lastSeedConnectUri.Host);
+        }
+
+        return uri;
+    }
+
     private async Task WaitWithJitterAsync()
     {
         var jitter = Random.Shared.NextDouble() * Opts.ReconnectJitter.TotalMilliseconds;