From d8896736f3bcdeb5d973646bc33fa76205b3bde1 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff
Date: Tue, 6 Apr 2021 09:46:46 -0400
Subject: [PATCH] Fix: leader_tls_servername raft option only worked when used with mTLS and/or an explicit CA cert. (#11252) (#11282)
---
 vault/raft.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/vault/raft.go b/vault/raft.go
index a4d0f4223115..96c922ffa8ef 100644
--- a/vault/raft.go
+++ b/vault/raft.go
@@ -816,6 +816,12 @@ func (c *Core) JoinRaftCluster(ctx context.Context, leaderInfos []*raft.LeaderJo
 }
 leaderInfo.TLSConfig.ServerName = leaderInfo.LeaderTLSServerName
 }
+ if leaderInfo.TLSConfig == nil && leaderInfo.LeaderTLSServerName != "" {
+ leaderInfo.TLSConfig, err = tlsutil.SetupTLSConfig(map[string]string{"address": leaderInfo.LeaderTLSServerName}, "")
+ if err != nil {
+ return errwrap.Wrapf("failed to create TLS config: {{err}}", err)
+ }
+ }
 if leaderInfo.TLSConfig != nil {
 transport.TLSClientConfig = leaderInfo.TLSConfig.Clone()
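Review bot: In the added `leaderInfo.TLSConfig == nil` branch, the server name reaches the TLS config only indirectly, as the `"address"` entry of the map passed to `tlsutil.SetupTLSConfig` with an empty second argument, whereas the branch just above assigns `leaderInfo.TLSConfig.ServerName` directly. Whether the helper copies that entry into `ServerName` is not visible here, and since this value is the name the leader's certificate is verified against, I would set it explicitly after the error check with `leaderInfo.TLSConfig.ServerName = leaderInfo.LeaderTLSServerName`. A comment would also help, for example `// No CA or client cert configured: build a default TLS config so leader_tls_servername still selects the name the leader certificate is checked against`. The diffstat lists only vault/raft.go, so a regression test for a join that sets only the server name appears to be missing. JoinRaftCluster starts and ends outside the hunk.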