Rancher 2.6.7 does not honor GODEBUG=x509ignoreCN=0

I have had GODEBUG set to “x509ignoreCN=0” since using Rancher 2.5 in order to support TLS-based AD auth to our company AD which has not updated their certs yet.

I noticed Rancher 2.6.7, after upgrading, errors out with TLS and the reason appears to imply this GODEBUG is being ignored.

Evidence of variable set:

<ebrundic[toybox]>:<~>$ kubectl -n cattle-system exec -it rancher-6768fd4546-6zsqk -- /bin/sh -c 'set' | grep GODEBUG
GODEBUG=x509ignoreCN=0

Logs indicating error:

2022/08/22 13:51:08 [ERROR] API error response 500 for POST /v3-public/activeDirectoryProviders/activedirectory?action=login. Cause: Error creating ssl connection: LDAP Result Code 200 "Network Error": x509: certificate relies on legacy Common Name field, use SANs instead

FYI- Switching AD back to using non-TLS seems to work, but obviously is not as secure…