From bf76d1ed51099a78209a2dc109d826cab20d286e Mon Sep 17 00:00:00 2001
From: mgoddard <mgoddard@cockroachlabs.com>
Date: Sat, 19 Jun 2021 07:16:00 -0400
Subject: [PATCH] Solve issue with 'sslmode=verify-full' when there are
 multiple hosts

---
 config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config.go b/config.go
index 16480589..172e7478 100644
--- a/config.go
+++ b/config.go
@@ -297,7 +297,7 @@ func ParseConfig(connString string) (*Config, error) {
 			tlsConfigs = append(tlsConfigs, nil)
 		} else {
 			var err error
-			tlsConfigs, err = configTLS(settings)
+			tlsConfigs, err = configTLS(settings, host)
 			if err != nil {
 				return nil, &parseConfigError{connString: connString, msg: "failed to configure TLS", err: err}
 			}
@@ -552,8 +552,8 @@ func parseServiceSettings(servicefilePath, serviceName string) (map[string]strin
 // configTLS uses libpq's TLS parameters to construct  []*tls.Config. It is
 // necessary to allow returning multiple TLS configs as sslmode "allow" and
 // "prefer" allow fallback.
-func configTLS(settings map[string]string) ([]*tls.Config, error) {
-	host := settings["host"]
+func configTLS(settings map[string]string, thisHost string) ([]*tls.Config, error) {
+	host := thisHost
 	sslmode := settings["sslmode"]
 	sslrootcert := settings["sslrootcert"]
 	sslcert := settings["sslcert"]