This bug was initially created as a copy of Bug #1889437
I am copying this bug because:
This is for RHEL7 tracking.
Description of problem:
Go 1.15 is more strict in the handling of x.509 certs, rejecting those with invalid CN values.
The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Have cert with CN and no SANs
2. Make https request to Go server
3. Cert is rejected and connection closed
Cert is rejected
Cert is accepted but with warning message.
*** This bug has been marked as a duplicate of bug 1892726 ***