Fix: leader_tls_servername raft option only worked when used with mTLS and/or an explicit CA cert. (#11252)

2021-04-06 09:16:54 -04:00 · 2021-04-06 09:16:54 -04:00 · 44c00cd54f
parent e598f6d5c2
commit 44c00cd54f
1 changed files with 6 additions and 0 deletions
--- a/vault/raft.go
+++ b/vault/raft.go
@ -806,6 +806,12 @@ func (c *Core) JoinRaftCluster(ctx context.Context, leaderInfos []*raft.LeaderJo
 				}
 				leaderInfo.TLSConfig.ServerName = leaderInfo.LeaderTLSServerName
 			}
+			if leaderInfo.TLSConfig == nil && leaderInfo.LeaderTLSServerName != "" {
+				leaderInfo.TLSConfig, err = tlsutil.SetupTLSConfig(map[string]string{"address": leaderInfo.LeaderTLSServerName}, "")
+				if err != nil {
+					return errwrap.Wrapf("failed to create TLS config: {{err}}", err)
+				}
+			}

 			if leaderInfo.TLSConfig != nil {
 				transport.TLSClientConfig = leaderInfo.TLSConfig.Clone()