From 9a97937ed363aa42881853661e840804698eabfb Mon Sep 17 00:00:00 2001
From: Anthony Romano
Date: Fri, 8 Jul 2016 12:01:05 -0700
Subject: [PATCH] credentials: don't overwrite ServerName in given config

The first endpoint will set the ServerName which will then be used by the second endpoint, causing the transport to reject the second endpoint since the server cert won't match the server name.
---
 credentials/credentials.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/credentials/credentials.go b/credentials/credentials.go
index 537079026116..8d4c57ccf691 100644
--- a/credentials/credentials.go
+++ b/credentials/credentials.go
@@ -151,14 +151,16 @@ func (c *tlsCreds) ClientHandshake(addr string, rawConn net.Conn, timeout time.D
 errChannel <- timeoutError{}
 })
 }
+ // use local cfg to avoid clobbering ServerName if using multiple endpoints
+ cfg := *c.config
 if c.config.ServerName == "" {
 colonPos := strings.LastIndex(addr, ":")
 if colonPos == -1 {
 colonPos = len(addr)
 }
- c.config.ServerName = addr[:colonPos]
+ cfg.ServerName = addr[:colonPos]
 }
- conn := tls.Client(rawConn, c.config)
+ conn := tls.Client(rawConn, &cfg)
 if timeout == 0 {
 err = conn.Handshake()
 } else {
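Review bot: The added `cfg := *c.config` copies a `tls.Config` by value, and that struct carries unexported `sync.Once` and mutex fields, so the copy duplicates lock state (`go vet`'s copylocks check flags this) and may race if another goroutine is handshaking with the shared config at the same moment. On toolchains that provide it, prefer `cfg := c.config.Clone()` followed by `conn := tls.Client(rawConn, cfg)`; otherwise use a small helper that copies only the exported fields. Separately, the surrounding `strings.LastIndex(addr, ":")` split would leave the brackets in a ServerName derived from a bracketed IPv6 literal, so certificate verification for such endpoints looks likely to fail; `net.SplitHostPort` handles that case. ClientHandshake's body starts and ends outside this hunk, so I could not check how `conn` and the timeout path are used afterwards.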