
Fixes for issues #53 and #56. ngrok client no longer hardcodes the TLS SNI to ngrokd.ngrok.com instead parsing the configured address in release builds and not specifying any in debug builds to make setting up a debug client/server easy

Alan Shreve 11 years ago
parent
commit
5f65ad8560

+ 4 - 4
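--- a/src/ngrok/client/config.go
+++ b/src/ngrok/client/config.go
@@ -212,16 +212,16 @@ func normalizeAddress(addr string, propName string) (string, error) {
 		addr = ":" + addr
 	}
 
-	tcpAddr, err := net.ResolveTCPAddr("tcp", addr)
+	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
 		return "", fmt.Errorf("Invalid address %s '%s': %s", propName, addr, err.Error())
 	}
 
-	if tcpAddr.IP == nil {
-		tcpAddr.IP = net.ParseIP("127.0.0.1")
+	if host == "" {
+		host = "127.0.0.1"
 	}
 
-	return tcpAddr.String(), nil
+	return fmt.Sprintf("%s:%s", host, port), nil
 }
 
 func validateProtocol(proto, propName string) (err error) {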
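Review bot: An IPv6 literal loses its brackets on the new return line, because `net.SplitHostPort` strips them and `fmt.Sprintf("%s:%s", host, port)` does not put them back, so `[::1]:4443` comes back as `::1:4443`. If that normalized string is what later reaches `serverName` in release.go (the assignment of `m.serverAddr` is not shown), its `SplitHostPort` call fails and the client panics at startup. Use `return net.JoinHostPort(host, port), nil` instead. The port is also no longer validated now that `net.ResolveTCPAddr` is gone, so an empty or non-numeric port passes through unchanged. normalizeAddress begins above the hunk.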

+ 5 - 0
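--- a/src/ngrok/client/debug.go
+++ b/src/ngrok/client/debug.go
@@ -5,3 +5,8 @@ package client
 var (
 	rootCrtPaths = []string{"assets/client/tls/ngrokroot.crt", "assets/client/tls/snakeoilca.crt"}
 )
+
+// no server name in debug builds so that when you connect it will always work
+func serverName(addr string) string {
+	return ""
+}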
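Review bot: Returning an empty name here leaves debug builds with no name for crypto/tls to match the server certificate against, and model.go assigns it to `ServerName` after both trust branches, so it also applies when `TrustHostRootCerts` selects the host's root store. Whether the handshake then skips the name check or is refused depends on the Go version and on how the connection is dialed, neither of which is visible on this page. The comment should state that trade-off rather than only "it will always work", for example `// serverName returns "" in debug builds, which turns off certificate hostname checking; debug builds are for local development only.` The build constraint that keeps this file out of release builds is above the hunk and should be confirmed.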

+ 18 - 15
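--- a/src/ngrok/client/model.go
+++ b/src/ngrok/client/model.go
@@ -59,18 +59,7 @@ func newClientModel(config *Configuration, ctl mvc.Controller) *ClientModel {
 	protoMap["tcp"] = proto.NewTcp()
 	protocols := []proto.Protocol{protoMap["http"], protoMap["tcp"]}
 
-	// configure TLS
-	var tlsConfig *tls.Config
-	if config.TrustHostRootCerts {
-		tlsConfig = &tls.Config{}
-	} else {
-		var err error
-		if tlsConfig, err = LoadTLSConfig(rootCrtPaths); err != nil {
-			panic(err)
-		}
-	}
-
-	return &ClientModel{
+	m := &ClientModel{
 		Logger: log.NewPrefixLogger("client"),
 
 		// server address
@@ -103,15 +92,29 @@ func newClientModel(config *Configuration, ctl mvc.Controller) *ClientModel {
 		// controller
 		ctl: ctl,
 
-		// tls configuration
-		tlsConfig: tlsConfig,
-
 		// tunnel configuration
 		tunnelConfig: config.Tunnels,
 
 		// config path
 		configPath: config.Path,
 	}
+
+	// configure TLS
+	if config.TrustHostRootCerts {
+		m.Info("Trusting host's root certificates")
+		m.tlsConfig = &tls.Config{}
+	} else {
+		m.Info("Trusting root CAs: %v", rootCrtPaths)
+		var err error
+		if m.tlsConfig, err = LoadTLSConfig(rootCrtPaths); err != nil {
+			panic(err)
+		}
+	}
+
+	// configure TLS SNI
+	m.tlsConfig.ServerName = serverName(m.serverAddr)
+
+	return m
 }
 
 // mvc.State interface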
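Review bot: Nothing in the second hunk records which name the server certificate will be checked against, although both trust branches now log their root set. Since `serverName` can return an empty string in debug builds, log the result right after the assignment, e.g. `m.Info("TLS server name: %q", m.tlsConfig.ServerName)`, so a client running without a name to verify is visible in its own log. The struct literal that sets `m.serverAddr` lies between the two hunks and is not shown, so it is worth confirming that it holds the normalized address before `serverName` parses it.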

+ 14 - 0
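--- a/src/ngrok/client/release.go
+++ b/src/ngrok/client/release.go
@@ -2,6 +2,20 @@
 
 package client
 
+import "net"
+
 var (
 	rootCrtPaths = []string{"assets/client/tls/ngrokroot.crt"}
 )
+
+// server name in release builds is the host part of the server address
+func serverName(addr string) string {
+	host, _, err := net.SplitHostPort(addr)
+
+	// should never panic because the config parser calls SplitHostPort first
+	if err != nil {
+		panic(err)
+	}
+
+	return host
+}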

+ 1 - 4
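--- a/src/ngrok/client/tls.go
+++ b/src/ngrok/client/tls.go
@@ -30,8 +30,5 @@ func LoadTLSConfig(rootCertPaths []string) (*tls.Config, error) {
 		pool.AddCert(certs[0])
 	}
 
-	return &tls.Config{
-		RootCAs:    pool,
-		ServerName: "ngrokd.ngrok.com",
-	}, nil
+	return &tls.Config{RootCAs: pool}, nil
 }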
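Review bot: `LoadTLSConfig` now returns a config with no `ServerName`, so the certificate name check depends on every caller setting it afterwards, and only the call in newClientModel is visible on this page. The function's doc comment should say so, for example `// LoadTLSConfig returns a config that trusts only the given root certificates; the caller must set ServerName before using it for a client connection.` Any other caller of this exported function would need the same assignment. The function body starts above the hunk.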