From 1bee232bbb966af47a347aa0ab91b66f5272f27a Mon Sep 17 00:00:00 2001
From: WendelHime <6754291+WendelHime@users.noreply.github.com>
Date: Thu, 22 Aug 2024 18:10:40 -0300
Subject: [PATCH] feat: use verify host and update tests

---
 direct.go      | 52 +++++++++++++++++++++++++++++---------------------
 direct_test.go | 42 +++++++++++++++++++++++-----------------
 2 files changed, 54 insertions(+), 40 deletions(-)

diff --git a/direct.go b/direct.go
index a5542d1..3b6eca3 100644
--- a/direct.go
+++ b/direct.go
@@ -429,7 +429,11 @@ func (d *direct) dialServerWith(m *Masquerade) (net.Conn, error) {
 		tlsConfig.InsecureSkipVerify = true
 		tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
 			log.Tracef("verifying peer certificate for masquerade domain [%s] and SNI [%s]", m.Domain, m.SNI)
-			return verifyPeerCertificate(rawCerts, d.certPool, m.Domain, m.SNI)
+			var verifyHostname string
+			if m.VerifyHostname != nil {
+				verifyHostname = *m.VerifyHostname
+			}
+			return verifyPeerCertificate(rawCerts, d.certPool, verifyHostname)
 		}
 
 	}
@@ -454,7 +458,7 @@ func (d *direct) dialServerWith(m *Masquerade) (net.Conn, error) {
 	return conn, err
 }
 
-func verifyPeerCertificate(rawCerts [][]byte, roots *x509.CertPool, domain string, sni string) error {
+func verifyPeerCertificate(rawCerts [][]byte, roots *x509.CertPool, domain string) error {
 	if len(rawCerts) == 0 {
 		return fmt.Errorf("no certificates presented")
 	}
@@ -463,20 +467,7 @@ func verifyPeerCertificate(rawCerts [][]byte, roots *x509.CertPool, domain strin
 		return fmt.Errorf("unable to parse certificate: %w", err)
 	}
 
-	masqueradeOpts := x509.VerifyOptions{
-		Roots:         roots,
-		CurrentTime:   time.Now(),
-		DNSName:       domain,
-		Intermediates: x509.NewCertPool(),
-	}
-
-	sniOpts := x509.VerifyOptions{
-		Roots:         roots,
-		CurrentTime:   time.Now(),
-		DNSName:       sni,
-		Intermediates: x509.NewCertPool(),
-	}
-
+	opts := []x509.VerifyOptions{generateVerifyOptions(roots, domain)}
 	for i := range rawCerts {
 		if i == 0 {
 			continue
@@ -485,19 +476,36 @@ func verifyPeerCertificate(rawCerts [][]byte, roots *x509.CertPool, domain strin
 		if err != nil {
 			return fmt.Errorf("unable to parse intermediate certificate: %w", err)
 		}
-		masqueradeOpts.Intermediates.AddCert(crt)
-		sniOpts.Intermediates.AddCert(crt)
+
+		for _, opt := range opts {
+			opt.Intermediates.AddCert(crt)
+		}
+	}
+
+	var verificationErrors error
+	for _, opt := range opts {
+		_, err := cert.Verify(opt)
+		if err != nil {
+			verificationErrors = errors.Join(verificationErrors, err)
+		}
 	}
 
-	_, sniErr := cert.Verify(sniOpts)
-	_, masqueradeErr := cert.Verify(masqueradeOpts)
-	if masqueradeErr != nil && sniErr != nil {
-		return fmt.Errorf("certificate verification failed for masquerade and SNI: [%w],[%w]", masqueradeErr, sniErr)
+	if verificationErrors != nil {
+		return fmt.Errorf("certificate verification failed: %w", verificationErrors)
 	}
 
 	return nil
 }
 
+func generateVerifyOptions(roots *x509.CertPool, domain string) x509.VerifyOptions {
+	return x509.VerifyOptions{
+		Roots:         roots,
+		CurrentTime:   time.Now(),
+		DNSName:       domain,
+		Intermediates: x509.NewCertPool(),
+	}
+}
+
 // frontingTLSConfig builds a tls.Config for dialing the fronting domain. This is to establish the
 // initial TCP connection to the CDN.
 func (d *direct) frontingTLSConfig(m *Masquerade) *tls.Config {
diff --git a/direct_test.go b/direct_test.go
index f3636e7..89a3a05 100644
--- a/direct_test.go
+++ b/direct_test.go
@@ -734,12 +734,11 @@ func TestVerifyPeerCertificate(t *testing.T) {
 	rawCerts := [][]byte{{48, 130, 6, 78, 48, 130, 5, 54, 160, 3, 2, 1, 2, 2, 16, 11, 14, 250, 105, 152, 72, 112, 146, 165, 214, 78, 192, 231, 165, 110, 242, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 48, 79, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 41, 48, 39, 6, 3, 85, 4, 3, 19, 32, 68, 105, 103, 105, 67, 101, 114, 116, 32, 84, 76, 83, 32, 82, 83, 65, 32, 83, 72, 65, 50, 53, 54, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 30, 23, 13, 50, 52, 48, 52, 49, 56, 48, 48, 48, 48, 48, 48, 90, 23, 13, 50, 53, 48, 52, 49, 57, 50, 51, 53, 57, 53, 57, 90, 48, 121, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 22, 48, 20, 6, 3, 85, 4, 8, 19, 13, 77, 97, 115, 115, 97, 99, 104, 117, 115, 101, 116, 116, 115, 49, 18, 48, 16, 6, 3, 85, 4, 7, 19, 9, 67, 97, 109, 98, 114, 105, 100, 103, 101, 49, 34, 48, 32, 6, 3, 85, 4, 10, 19, 25, 65, 107, 97, 109, 97, 105, 32, 84, 101, 99, 104, 110, 111, 108, 111, 103, 105, 101, 115, 44, 32, 73, 110, 99, 46, 49, 26, 48, 24, 6, 3, 85, 4, 3, 19, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 5, 224, 177, 69, 53, 250, 80, 142, 150, 138, 229, 168, 82, 249, 163, 196, 35, 150, 140, 182, 86, 208, 48, 132, 211, 49, 12, 169, 58, 148, 19, 105, 223, 193, 88, 236, 160, 208, 199, 150, 32, 252, 119, 75, 85, 5, 247, 130, 138, 242, 186, 184, 107, 67, 177, 230, 40, 36, 104, 131, 178, 228, 231, 148, 163, 130, 3, 197, 48, 130, 3, 193, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 183, 107, 162, 234, 168, 170, 132, 140, 121, 234, 180, 218, 15, 152, 178, 197, 149, 118, 185, 244, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 115, 183, 92, 115, 61, 0, 51, 82, 107, 67, 69, 86, 236, 116, 51, 65, 161, 9, 34, 162, 48, 110, 6, 3, 85, 29, 17, 4, 103, 48, 101, 130, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 130, 15, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 46, 110, 101, 116, 130, 23, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 130, 14, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 46, 110, 101, 116, 130, 22, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 48, 62, 6, 3, 85, 29, 32, 4, 55, 48, 53, 48, 51, 6, 6, 103, 129, 12, 1, 2, 2, 48, 41, 48, 39, 6, 8, 43, 6, 1, 5, 5, 7, 2, 1, 22, 27, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 67, 80, 83, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 3, 136, 48, 29, 6, 3, 85, 29, 37, 4, 22, 48, 20, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 6, 8, 43, 6, 1, 5, 5, 7, 3, 2, 48, 129, 143, 6, 3, 85, 29, 31, 4, 129, 135, 48, 129, 132, 48, 64, 160, 62, 160, 60, 134, 58, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 82, 83, 65, 83, 72, 65, 50, 53, 54, 50, 48, 50, 48, 67, 65, 49, 45, 52, 46, 99, 114, 108, 48, 64, 160, 62, 160, 60, 134, 58, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 52, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 82, 83, 65, 83, 72, 65, 50, 53, 54, 50, 48, 50, 48, 67, 65, 49, 45, 52, 46, 99, 114, 108, 48, 127, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 115, 48, 113, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 73, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 61, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 82, 83, 65, 83, 72, 65, 50, 53, 54, 50, 48, 50, 48, 67, 65, 49, 45, 49, 46, 99, 114, 116, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 48, 0, 48, 130, 1, 125, 6, 10, 43, 6, 1, 4, 1, 214, 121, 2, 4, 2, 4, 130, 1, 109, 4, 130, 1, 105, 1, 103, 0, 118, 0, 78, 117, 163, 39, 92, 154, 16, 195, 56, 91, 108, 212, 223, 63, 82, 235, 29, 240, 224, 142, 27, 141, 105, 192, 177, 250, 100, 177, 98, 154, 57, 223, 0, 0, 1, 142, 241, 217, 223, 134, 0, 0, 4, 3, 0, 71, 48, 69, 2, 33, 0, 182, 60, 198, 96, 136, 128, 205, 139, 42, 82, 117, 248, 90, 158, 186, 210, 179, 163, 225, 68, 48, 33, 54, 42, 66, 129, 205, 220, 227, 47, 241, 24, 2, 32, 47, 50, 19, 81, 103, 101, 88, 38, 67, 79, 20, 225, 232, 59, 123, 77, 100, 243, 60, 99, 22, 213, 169, 109, 122, 35, 153, 88, 59, 40, 193, 180, 0, 118, 0, 125, 89, 30, 18, 225, 120, 42, 123, 28, 97, 103, 124, 94, 253, 248, 208, 135, 92, 20, 160, 78, 149, 158, 185, 3, 47, 217, 14, 140, 46, 121, 184, 0, 0, 1, 142, 241, 217, 223, 135, 0, 0, 4, 3, 0, 71, 48, 69, 2, 33, 0, 236, 206, 233, 76, 152, 193, 240, 13, 15, 141, 73, 58, 88, 53, 123, 217, 228, 185, 26, 35, 9, 53, 191, 231, 1, 223, 99, 28, 200, 188, 2, 47, 2, 32, 39, 67, 173, 42, 123, 38, 247, 178, 220, 3, 89, 37, 218, 105, 45, 249, 17, 111, 222, 84, 173, 197, 17, 26, 177, 217, 193, 163, 221, 229, 129, 134, 0, 117, 0, 230, 210, 49, 99, 64, 119, 140, 193, 16, 65, 6, 215, 113, 185, 206, 193, 210, 64, 246, 150, 132, 134, 251, 186, 135, 50, 29, 253, 30, 55, 142, 80, 0, 0, 1, 142, 241, 217, 223, 156, 0, 0, 4, 3, 0, 70, 48, 68, 2, 32, 63, 238, 16, 71, 200, 160, 240, 218, 87, 96, 100, 137, 184, 151, 189, 202, 191, 140, 193, 138, 110, 83, 166, 225, 152, 192, 33, 228, 72, 60, 146, 9, 2, 32, 20, 216, 203, 133, 251, 181, 154, 237, 126, 11, 120, 77, 219, 28, 73, 93, 254, 23, 141, 52, 195, 145, 216, 145, 16, 187, 133, 16, 140, 184, 135, 183, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, 130, 1, 1, 0, 98, 147, 27, 116, 164, 135, 78, 19, 1, 11, 53, 227, 221, 49, 154, 147, 19, 174, 118, 228, 188, 90, 81, 60, 70, 72, 54, 95, 222, 204, 55, 191, 171, 254, 126, 228, 34, 208, 165, 74, 135, 252, 133, 131, 205, 71, 216, 124, 81, 208, 146, 28, 219, 168, 108, 81, 76, 30, 114, 121, 71, 134, 116, 156, 58, 85, 38, 176, 202, 33, 124, 189, 155, 252, 217, 111, 116, 7, 83, 186, 149, 7, 7, 127, 39, 167, 50, 69, 97, 162, 65, 90, 234, 59, 114, 92, 19, 87, 118, 143, 216, 97, 192, 226, 95, 230, 244, 208, 237, 199, 7, 3, 99, 108, 69, 214, 95, 36, 69, 116, 75, 195, 254, 18, 207, 11, 34, 253, 237, 248, 127, 152, 29, 58, 131, 49, 178, 141, 72, 111, 11, 151, 30, 3, 56, 6, 6, 156, 45, 103, 3, 25, 210, 95, 235, 109, 29, 45, 59, 21, 36, 81, 146, 160, 165, 185, 201, 100, 150, 126, 160, 230, 126, 128, 222, 243, 49, 119, 188, 163, 162, 98, 153, 174, 185, 234, 44, 226, 102, 184, 207, 2, 193, 66, 77, 199, 39, 219, 64, 44, 145, 6, 207, 52, 237, 50, 200, 55, 253, 21, 208, 124, 150, 3, 136, 196, 70, 121, 86, 75, 41, 76, 71, 193, 94, 73, 151, 255, 164, 127, 129, 242, 35, 125, 80, 24, 21, 121, 184, 18, 224, 212, 70, 58, 206, 122, 34, 250, 119, 203, 84, 55, 11, 9, 221, 103}, {48, 130, 4, 190, 48, 130, 3, 166, 160, 3, 2, 1, 2, 2, 16, 6, 216, 217, 4, 213, 88, 67, 70, 246, 138, 47, 167, 84, 34, 126, 196, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 48, 97, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 25, 48, 23, 6, 3, 85, 4, 11, 19, 16, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 49, 32, 48, 30, 6, 3, 85, 4, 3, 19, 23, 68, 105, 103, 105, 67, 101, 114, 116, 32, 71, 108, 111, 98, 97, 108, 32, 82, 111, 111, 116, 32, 67, 65, 48, 30, 23, 13, 50, 49, 48, 52, 49, 52, 48, 48, 48, 48, 48, 48, 90, 23, 13, 51, 49, 48, 52, 49, 51, 50, 51, 53, 57, 53, 57, 90, 48, 79, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 41, 48, 39, 6, 3, 85, 4, 3, 19, 32, 68, 105, 103, 105, 67, 101, 114, 116, 32, 84, 76, 83, 32, 82, 83, 65, 32, 83, 72, 65, 50, 53, 54, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 193, 75, 179, 101, 71, 112, 188, 221, 79, 88, 219, 236, 156, 237, 195, 102, 229, 31, 49, 19, 84, 173, 74, 102, 70, 31, 44, 10, 236, 100, 7, 229, 46, 220, 220, 185, 10, 32, 237, 223, 227, 196, 208, 158, 154, 169, 122, 29, 130, 136, 229, 17, 86, 219, 30, 159, 88, 194, 81, 231, 44, 52, 13, 46, 210, 146, 225, 86, 203, 241, 121, 95, 179, 187, 135, 202, 37, 3, 123, 154, 82, 65, 102, 16, 96, 79, 87, 19, 73, 240, 232, 55, 103, 131, 223, 231, 211, 75, 103, 76, 34, 81, 166, 223, 14, 153, 16, 237, 87, 81, 116, 38, 226, 125, 199, 202, 98, 46, 19, 27, 127, 35, 136, 37, 83, 111, 193, 52, 88, 0, 139, 132, 255, 248, 190, 167, 88, 73, 34, 123, 150, 173, 162, 136, 155, 21, 188, 160, 124, 223, 233, 81, 168, 213, 176, 237, 55, 226, 54, 180, 130, 75, 98, 181, 73, 154, 236, 199, 103, 214, 227, 62, 245, 227, 214, 18, 94, 68, 241, 191, 113, 66, 125, 88, 132, 3, 128, 177, 129, 1, 250, 249, 202, 50, 187, 180, 142, 39, 135, 39, 197, 43, 116, 212, 168, 214, 151, 222, 195, 100, 249, 202, 206, 83, 162, 86, 188, 120, 23, 142, 73, 3, 41, 174, 251, 73, 79, 164, 21, 185, 206, 242, 92, 25, 87, 109, 107, 121, 167, 43, 162, 39, 32, 19, 181, 208, 61, 64, 211, 33, 48, 7, 147, 234, 153, 245, 2, 3, 1, 0, 1, 163, 130, 1, 130, 48, 130, 1, 126, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2, 1, 0, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 183, 107, 162, 234, 168, 170, 132, 140, 121, 234, 180, 218, 15, 152, 178, 197, 149, 118, 185, 244, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 3, 222, 80, 53, 86, 209, 76, 187, 102, 240, 163, 226, 27, 27, 195, 151, 178, 61, 209, 85, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 1, 134, 48, 29, 6, 3, 85, 29, 37, 4, 22, 48, 20, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 6, 8, 43, 6, 1, 5, 5, 7, 3, 2, 48, 118, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 106, 48, 104, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 64, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 52, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 67, 65, 46, 99, 114, 116, 48, 66, 6, 3, 85, 29, 31, 4, 59, 48, 57, 48, 55, 160, 53, 160, 51, 134, 49, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 67, 65, 46, 99, 114, 108, 48, 61, 6, 3, 85, 29, 32, 4, 54, 48, 52, 48, 11, 6, 9, 96, 134, 72, 1, 134, 253, 108, 2, 1, 48, 7, 6, 5, 103, 129, 12, 1, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 2, 48, 8, 6, 6, 103, 129, 12, 1, 2, 3, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, 130, 1, 1, 0, 128, 50, 206, 94, 11, 221, 110, 90, 13, 10, 175, 225, 214, 132, 203, 192, 142, 250, 133, 112, 237, 218, 93, 179, 12, 247, 43, 117, 64, 254, 133, 10, 250, 243, 49, 120, 183, 112, 75, 26, 137, 88, 186, 128, 189, 243, 107, 29, 233, 126, 207, 11, 186, 88, 156, 89, 212, 144, 211, 253, 108, 253, 208, 152, 109, 183, 113, 130, 91, 207, 109, 11, 90, 9, 208, 123, 222, 196, 67, 216, 42, 164, 222, 158, 65, 38, 95, 187, 143, 153, 203, 221, 174, 225, 168, 111, 159, 135, 254, 116, 183, 31, 27, 32, 171, 177, 79, 198, 245, 103, 93, 93, 155, 60, 233, 255, 105, 247, 97, 108, 214, 217, 243, 253, 54, 198, 171, 3, 136, 118, 210, 75, 46, 117, 134, 227, 252, 216, 85, 125, 38, 194, 17, 119, 223, 62, 2, 182, 124, 243, 171, 123, 122, 134, 54, 111, 184, 247, 216, 147, 113, 207, 134, 223, 115, 48, 250, 123, 171, 237, 42, 89, 200, 66, 132, 59, 17, 23, 26, 82, 243, 201, 14, 20, 125, 162, 91, 114, 103, 186, 113, 237, 87, 71, 102, 197, 184, 2, 74, 101, 52, 94, 139, 208, 42, 60, 32, 156, 81, 153, 76, 231, 82, 158, 247, 107, 17, 43, 13, 146, 126, 29, 232, 138, 235, 54, 22, 67, 135, 234, 42, 99, 191, 117, 63, 235, 222, 196, 3, 187, 10, 60, 247, 48, 239, 235, 175, 76, 252, 139, 54, 16, 115, 62, 243, 164}}
 
 	var tests = []struct {
-		name          string
-		givenRawCerts [][]byte
-		givenRoots    *x509.CertPool
-		givenDomain   string
-		givenSNI      string
-		assert        func(t *testing.T, err error)
+		name            string
+		givenRawCerts   [][]byte
+		givenRoots      *x509.CertPool
+		givenVerifyHost string
+		assert          func(t *testing.T, err error)
 	}{
 		{
 			name:          "should return no certificates present when not providing rawCerts",
@@ -769,23 +768,30 @@ func TestVerifyPeerCertificate(t *testing.T) {
 			},
 		},
 		{
-			name:          "should return an error when failing to verify the certificate for masquerade and sni",
-			givenRawCerts: rawCerts,
-			givenRoots:    trustedCACerts(t),
-			givenDomain:   "cloudfront.net",
-			givenSNI:      "google.com",
+			name:            "should return an error when failing to verify the certificate for the given verifyHost",
+			givenRawCerts:   rawCerts,
+			givenRoots:      trustedCACerts(t),
+			givenVerifyHost: "cloudfront.net",
 			assert: func(t *testing.T, err error) {
 				if assert.Error(t, err) {
-					assert.ErrorContains(t, err, "certificate verification failed for masquerade and SNI")
+					assert.ErrorContains(t, err, "certificate verification failed")
 				}
 			},
 		},
 		{
-			name:          "should succeed when providing valid rawCerts, roots, domain and sni",
-			givenRawCerts: rawCerts,
-			givenRoots:    trustedCACerts(t),
-			givenDomain:   "potato.akamaihd.net",
-			givenSNI:      "github.com",
+			name:            "should succeed when providing valid rawCerts, roots, domain and sni",
+			givenRawCerts:   rawCerts,
+			givenRoots:      trustedCACerts(t),
+			givenVerifyHost: "potato.akamaihd.net",
+			assert: func(t *testing.T, err error) {
+				assert.NoError(t, err)
+			},
+		},
+		{
+			name:            "should succeed when providing valid rawCerts, roots even without verifying the host",
+			givenRawCerts:   rawCerts,
+			givenRoots:      trustedCACerts(t),
+			givenVerifyHost: "",
 			assert: func(t *testing.T, err error) {
 				assert.NoError(t, err)
 			},
@@ -793,7 +799,7 @@ func TestVerifyPeerCertificate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := verifyPeerCertificate(tt.givenRawCerts, tt.givenRoots, tt.givenDomain, tt.givenSNI)
+			err := verifyPeerCertificate(tt.givenRawCerts, tt.givenRoots, tt.givenVerifyHost)
 			tt.assert(t, err)
 		})
 	}