Skip to content

Commit

Permalink
Add InsecureSkipVerify to TLS configuration
Browse files Browse the repository at this point in the history
Added a new InsecureSkipVerify configuration option in core/server_config.go and applied it in pki/pki.go. This feature allows users to skip the verification of a server's SSL certificate, useful in testing environments or with self-signed certificates. It should not be used in production environments as it opens potential security risks.
  • Loading branch information
rolandgroen committed Jan 29, 2024
1 parent 839cdb4 commit 1068be4
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions core/server_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ type TLSConfig struct {
CertKeyFile string `koanf:"certkeyfile"`
TrustStoreFile string `koanf:"truststorefile"`
legacyTLS *NetworkTLSConfig
InsecureSkipVerify bool `koanf:"insecureskipverify"`
}

// Enabled returns whether TLS should be enabled, according to the global config.
Expand Down
1 change: 1 addition & 0 deletions pki/pki.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ func (p *PKI) CreateTLSConfig(cfg core.TLSConfig) (*tls.Config, error) {
return nil, err
}
_ = p.SetVerifyPeerCertificateFunc(tlsConfig) // no error can occur
tlsConfig.InsecureSkipVerify = cfg.InsecureSkipVerify
return tlsConfig, nil
}

Expand Down

0 comments on commit 1068be4

Please sign in to comment.