Skip to content

Commit

Permalink
Add 'InsecureSkipVerify' option to server config and pki
Browse files Browse the repository at this point in the history 
A new field 'InsecureSkipVerify' is added to the server configuration, which allows turning off TLS certificate verification. This is meant for test or development environments and should not be used in production, as it could expose the server to security risks.
  • Loading branch information
@rolandgroen
rolandgroen committed Feb 13, 2024
1 parent 3d0c7e3 commit b50ba74
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions core/server_config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ type TLSConfig struct {
CertKeyFile string `koanf:"certkeyfile"`
TrustStoreFile string `koanf:"truststorefile"`
legacyTLS *NetworkTLSConfig
InsecureSkipVerify bool `koanf:"insecureskipverify"`
}

// Enabled returns whether TLS should be enabled, according to the global config.
Expand Down
1 change: 1 addition & 0 deletions pki/pki.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ func (p *PKI) CreateTLSConfig(cfg core.TLSConfig) (*tls.Config, error) {
return nil, err
}
_ = p.SetVerifyPeerCertificateFunc(tlsConfig) // no error can occur
tlsConfig.InsecureSkipVerify = cfg.InsecureSkipVerify
return tlsConfig, nil
}

Expand Down

0 comments on commit b50ba74

Please sign in to comment.