func verifyWithCommonName()

in image/resources/netapp-exports/tls.go [32:74]


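// noPeerCertificateError is returned by the callback built in
// verifyWithCommonName when the peer presented no certificate at all.
type noPeerCertificateError struct{}

func (noPeerCertificateError) Error() string {
	return "tls: peer did not present a certificate"
}

// verifyWithCommonName returns a tls.Config.VerifyConnection callback that
// verifies the peer's certificate chain against config.RootCAs and then
// checks the connection's ServerName against the leaf certificate, falling
// back to the Common Name only when the leaf carries no Subject Alternative
// Name extension.
//
// The chain verification deliberately leaves VerifyOptions.DNSName empty so
// that the hostname check can be done here, where the CN fallback is applied.
// A nil config.RootCAs means x509.Certificate.Verify uses the system roots;
// config.Time, when set, supplies the verification time (otherwise time.Now).
//
// The callback returns the x509 verification or hostname error unchanged, or
// a noPeerCertificateError when c.PeerCertificates is empty; the latter guard
// keeps a certificate-less peer from panicking the handshake on certs[0].
func verifyWithCommonName(config *tls.Config) func(tls.ConnectionState) error {
	return func(c tls.ConnectionState) error {
		now := config.Time
		if now == nil {
			now = time.Now
		}

		certs := c.PeerCertificates
		if len(certs) == 0 {
			return noPeerCertificateError{}
		}
		leaf := certs[0]

		intermediates := x509.NewCertPool()
		for _, cert := range certs[1:] {
			intermediates.AddCert(cert)
		}

		opts := x509.VerifyOptions{
			Roots:         config.RootCAs,
			CurrentTime:   now(),
			DNSName:       "", // hostname is checked separately below
			Intermediates: intermediates,
		}
		if _, err := leaf.Verify(opts); err != nil {
			return err
		}

		host := c.ServerName
		if hasSANExtension(leaf) {
			// A certificate with a SAN extension is matched on the SAN only;
			// the Common Name is ignored.
			return leaf.VerifyHostname(host)
		}
		// No SAN: fall back to the legacy interpretation of the Common Name
		// as a DNS name.
		return verifyCommonName(leaf, host)
	}
}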