From 97d700a6c7f026d9e6cab48c121866015d57d433 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff
Date: Wed, 31 Mar 2021 16:46:55 -0400
Subject: [PATCH] Fix: leader_tls_servername raft option only worked when used with mTLS and/or an explicit CA cert.
---
 vault/raft.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/vault/raft.go b/vault/raft.go
index 30433fb79e31..ae81bd7d36a1 100644
--- a/vault/raft.go
+++ b/vault/raft.go
@@ -806,6 +806,12 @@ func (c *Core) JoinRaftCluster(ctx context.Context, leaderInfos []*raft.LeaderJo
 }
 leaderInfo.TLSConfig.ServerName = leaderInfo.LeaderTLSServerName
 }
+ if leaderInfo.TLSConfig == nil && leaderInfo.LeaderTLSServerName != "" {
+ leaderInfo.TLSConfig, err = tlsutil.SetupTLSConfig(map[string]string{"address": leaderInfo.LeaderTLSServerName}, "")
+ if err != nil {
+ return errwrap.Wrapf("failed to create TLS config: {{err}}", err)
+ }
+ }
 if leaderInfo.TLSConfig != nil {
 transport.TLSClientConfig = leaderInfo.TLSConfig.Clone()
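Review bot: The new branch never sets `ServerName` itself; it appears to rely on `tlsutil.SetupTLSConfig` deriving it from the `"address"` map entry when the second argument is `""`, which is not evident from this call and is not checked afterwards in the visible lines. Since `ServerName` is the name the leader's certificate is verified against, I would make it explicit the way the branch just above does, by adding `leaderInfo.TLSConfig.ServerName = leaderInfo.LeaderTLSServerName` after the error check, together with a comment such as `// No CA or client cert configured: build a default client TLS config so leader_tls_servername still applies.` The diffstat touches only vault/raft.go, so a join test covering the server-name-only case (no CA cert, no client cert/key) would be worth adding to pin this behaviour. JoinRaftCluster starts and ends outside the hunk, so how `err` is declared and how the config is used after the `Clone()` cannot be confirmed from here.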