tls: Authority validation doesn't strip ports before validation

[arjan-bal]

The HTTP2 :authority header frequently contains the port along with the hostname. The ValidateAuthority method should strip the port, if it exists, before calling VerifyHostname.

grpc-go/credentials/tls.go

Lines 57 to 67 in 50c6321

	func (t TLSInfo) ValidateAuthority(authority string) error {
	var errs []error
	for _, cert := range t.State.PeerCertificates {
	var err error
	if err = cert.VerifyHostname(authority); err == nil {
	return nil
	}
	errs = append(errs, err)
	}
	return fmt.Errorf("credentials: invalid authority %q: %v", authority, errors.Join(errs...))
	}

We should also add a test to verify the correct behaviour.

[Atul1710]

I can take this up @arjan-bal

[eshitachandwani]

Sure! Thank you for helping us out! Assigning it to you!