Using SNI for service names to support k8s

Using SNI in quorum client connection to
connect to SMS service via https

Issue-ID: AAF-265
Change-Id: I5108e9d734f11a4f74c41a41a2d8cd2f72c62b36
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>

2 files changed, 14 insertions, 6 deletions

diff --git a/sms-service/src/quorumclient/config.json b/sms-service/src/quorumclient/config.json
index 53cbf41..9afe723 100644
--- a/sms-service/src/quorumclient/config.json
+++ b/sms-service/src/quorumclient/config.json
@@ -1,5 +1,6 @@
 {
     "url":"https://aaf-sms:10443",
+    "servername":"aaf-sms.api.simpledemo.onap.org",
     "cafile": "cert/aaf_root_ca.cer",
     "clientcert":"client.cert",
     "clientkey":"client.key",
diff --git a/sms-service/src/quorumclient/quorumclient.go b/sms-service/src/quorumclient/quorumclient.go
index 9db6da8..9ef8f00 100644
--- a/sms-service/src/quorumclient/quorumclient.go
+++ b/sms-service/src/quorumclient/quorumclient.go
@@ -105,12 +105,13 @@ func main() {
 
 	//Struct to read json configuration file
 	type config struct {
-		BackEndURL string `json:"url"`
-		CAFile     string `json:"cafile"`
-		ClientCert string `json:"clientcert"`
-		ClientKey  string `json:"clientkey"`
-		TimeOut    string `json:"timeout"`
-		DisableTLS bool   `json:"disable_tls"`
+		BackEndURL        string `json:"url"`
+		BackendServerName string `json:"servername"`
+		CAFile            string `json:"cafile"`
+		ClientCert        string `json:"clientcert"`
+		ClientKey         string `json:"clientkey"`
+		TimeOut           string `json:"timeout"`
+		DisableTLS        bool   `json:"disable_tls"`
 	}
 
 	//Load the config File for reading
@@ -155,6 +156,12 @@ func main() {
 		}
 	}
 
+	// Allow https connection in k8s where servername does not match
+	// certificate server name
+	if cfg.BackendServerName != "" {
+		transport.TLSClientConfig.ServerName = cfg.BackendServerName
+	}
+
 	client := &http.Client{
 		Transport: &transport,
 	}