backport of commit 28e3b78e8efbf0f9ed7dcf098a78d3eb0af2b8d9 (#23760)

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2023-10-20 10:29:08 -04:00 · 2023-10-20 10:29:08 -04:00 · 4537223d3f
parent d8052ce112
commit 4537223d3f
2 changed files with 7 additions and 2 deletions
--- a/api/plugin_helpers.go
+++ b/api/plugin_helpers.go
@ -85,6 +85,7 @@ type PluginAPIClientMeta struct {
 	flagCAPath     string
 	flagClientCert string
 	flagClientKey  string
 	flagServerName string
 	flagInsecure   bool
 }
@ -96,6 +97,7 @@ func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet {
 	fs.StringVar(&f.flagCAPath, "ca-path", "", "")
 	fs.StringVar(&f.flagClientCert, "client-cert", "", "")
 	fs.StringVar(&f.flagClientKey, "client-key", "", "")
 	fs.StringVar(&f.flagServerName, "tls-server-name", "", "")
 	fs.BoolVar(&f.flagInsecure, "tls-skip-verify", false, "")
 	return fs
@ -104,13 +106,13 @@ func (f *PluginAPIClientMeta) FlagSet() *flag.FlagSet {
 // GetTLSConfig will return a TLSConfig based off the values from the flags
 func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig {
 	// If we need custom TLS configuration, then set it
-	if f.flagCACert != "" || f.flagCAPath != "" || f.flagClientCert != "" || f.flagClientKey != "" || f.flagInsecure {
+	if f.flagCACert != "" || f.flagCAPath != "" || f.flagClientCert != "" || f.flagClientKey != "" || f.flagInsecure || f.flagServerName != "" {
 		t := &TLSConfig{
 			CACert:        f.flagCACert,
 			CAPath:        f.flagCAPath,
 			ClientCert:    f.flagClientCert,
 			ClientKey:     f.flagClientKey,
-			TLSServerName: "",
+			TLSServerName: f.flagServerName,
 			Insecure:      f.flagInsecure,
 		}
--- a/changelog/23549.txt
+++ b/changelog/23549.txt
@ -0,0 +1,3 @@
 ```release-note:improvement
 api/plugins: add `tls-server-name` arg for plugin registration
 ```