Is it possible to do server's certificate chain verification without verifying servername in Go TLS client from crypto/tls package?
As shown in the below code snippet, if we don't provide any servername we get error like
tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
rootCA := x509.NewCertPool()
caCert, _ := ioutil.ReadFile("/path/to/ca_cert.pem")
rootCA.AppendCertsFromPEM(caCert)
tlsConfig = tls.Config{
RootCAs: rootCA,
ServerName: "xyz.com",
}
conn, _ := net.Dial("tcp", "ip:port")
c := tls.Client(conn, &tlsConfig)
c.Handshake()
I have a requirement where only server's certificate chain verification is required and servername verification not needed but with Go's crypto/tls package both verification is coupled as an unit.