transport: warn on user-provided CA

[heyitsanthony]

ServerName is ignored for a user-provided CA for backwards compatibility. This
breaks PKI, so warn it is deprecated.

#6440 is the right thing to do, but etcd needs to warn before fully deprecating first.

/cc @lclarkmichalek @xiang90

[xiang90]

lgtm

[xiang90]

we need to add this into release note.

[codecov-io]

Current coverage is 64.44% (diff: 100%)

No coverage report found for master at 824277c.

Powered by Codecov. Last update 824277c...da8fd18

[gyuho]

lgtm

[lclarkmichalek]

Great 👍

[Sartner]

But how to fix the warn "ignoring ServerName for user-provided CA for backwards compatibility is deprecated" ?
Where to set ServerName ?

[peteeckel]

Looking at the relevant part of the code in pkg/transport/transport.go I'd expect you just can't get rid of the warning when you are using your own CA file. It is issued whether or not your certificate contains the correct server name.

I've downgraded to 3.0.15 (which fixes the problem for the time being) and expect 3.2.x to work without any problem or warning as soon as it gets released.

[xiang90]

@peteeckel Sorry. I did not really understand your issue. Maybe you can create a new issue to clearly state the problem you are facing.

[peteeckel]

@xiang90

I was referring to @Sartner's question on how to get rid of the warning, and as long as you use your own CA file I don't see how you can. I ran into the same issue today after upgrading from 3.0.15 to 3.1.0, and the current version in the repo (presumably to become 3.2.x) doesn't contain the code for the warning anymore.

So as I see it downgrading helps as a workaround, and upgrading will help as well (as long as your server names are correctly reflected in the cert).

[xiang90]

@peteeckel You are right. Thanks.