When running a client, I am receiving an error:
error: dial server <redacted>:19190: CRYPTO_ERROR 0x12a (local): tls: failed to verify certificate: x509: cannot validate certificate for <redacted> because it doesn't contain any IP SANs
But in fact, since both clients and the server have a pre-shared cert, (server-cas-file=ca.pem), there is no reason to do IP validation. Moreover, doing IP validation only creates an inconvenience, because my server is running on a dynamic (but real, public) IP which changes every 24 hours, so I would have to re-generate it often.
Please, consider adding an option to trust any valid certificate chain, regardless of the IP/domain.
When running a client, I am receiving an error:
But in fact, since both clients and the server have a pre-shared cert, (server-cas-file=ca.pem), there is no reason to do IP validation. Moreover, doing IP validation only creates an inconvenience, because my server is running on a dynamic (but real, public) IP which changes every 24 hours, so I would have to re-generate it often.
Please, consider adding an option to trust any valid certificate chain, regardless of the IP/domain.