Add ssl_hostname_verification support.

Author: lukebakken

deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap_mgmt.erl

@@ -186,5 +186,12 @@ tls_options(BodyMap) ->
                     Versions = lists:filtermap(F1, VersionStrs),
                     [{versions, Versions} | TlsOpts5]
             end,
-            {ok, TlsOpts6}
+            TlsOpts7 = case maps:get(<<"ssl_hostname_verification">>, SslOptionsMap, undefined) of
+                undefined ->
+                    TlsOpts6;
+                "wildcard" ->
+                    [{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} | TlsOpts6]
+                end,
+            ?LOG_DEBUG("@@@@ TlsOpts7 ~tp", [TlsOpts7]),
+            {ok, TlsOpts7}
     end.

deps/rabbitmq_auth_backend_ldap/test/system_SUITE.erl

@@ -394,7 +394,20 @@ validate_ldap_configuration_via_api(Config) ->
                 'verify' => "verify_peer",
                 'cacert_pem_data' => [CaCertfileContent, CaCertfileContent]
             }
-        }, ?BAD_REQUEST).
+        }, ?BAD_REQUEST),
+    http_put(Config, "/ldap/validate/simple-bind",
+        #{
+            'user_dn' => AliceUserDN,
+            'password' => Password,
+            'servers' => ["localhost"],
+            'port' => LdapTlsPort,
+            'use_ssl' => true,
+            'ssl_options' => #{
+                'verify' => "verify_peer",
+                'cacertfile' => CaCertfile,
+                'ssl_hostname_verification' => "wildcard"
+            }
+        }, ?NO_CONTENT).
 
 purge_connection(Config) ->
     {ok, _} = rabbit_ct_broker_helpers:rpc(Config, 0,