Here is how to do it with Go https://stackoverflow.com/questions/44295820/disable-common-name-validation-go-http-client
> On Nov 19, 2018, at 2:00 PM, Russ Allbery <[email protected]> wrote: > > Robert Engels <[email protected]> writes: > >> I’m not sure I follow. The client knows the host it is expecting to >> contact and verified that the certificate sent matches that host. As I >> said in a later email there is almost certainly a way to bypass the >> check but not sure you can change the setting while going through gRPC >> layer. > > There are two parameters here: the hostname or IP address to which to > connect, and the FQDN used for SNI and for certificate verification. > > The request, at least if I understand it correctly, is to support > decoupling them in the API so that the client can specify an IP address to > connect to and separately specify the FQDN in SNI and certificate > verification, because the client knows (via some mechanism outside the > scope of the API) that it wants to connect to some specific IP that isn't > associated in DNS with the FQDN, but knows what certificate identity to > expect. > > This is a quite common problem with any software using SSL. There are > often reasons why you want to connect to some internal IP that isn't in > DNS or has the wrong DNS or whatever, but you know as the client what the > certificate will and should be. > > -- > Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/560BAAF8-F612-4822-98FC-B0F1F4F20CF0%40earthlink.net. For more options, visit https://groups.google.com/d/optout.
