From b50ba749e576e38024e4e3a3ec5eb347a564a2d3 Mon Sep 17 00:00:00 2001
From: Roland Groen
Date: Tue, 13 Feb 2024 09:54:10 +0100
Subject: [PATCH] Add 'InsecureSkipVerify' option to server config and pki

A new field 'InsecureSkipVerify' is added to the server configuration, which allows turning off TLS certificate verification. This is meant for test or development environments and should not be used in production, as it could expose the server to security risks.
---
 core/server_config.go | 1 +
 pki/pki.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/core/server_config.go b/core/server_config.go
index b99fa9cffc..a76ad3883b 100644
--- a/core/server_config.go
+++ b/core/server_config.go
@@ -85,6 +85,7 @@ type TLSConfig struct {
 CertKeyFile string `koanf:"certkeyfile"`
 TrustStoreFile string `koanf:"truststorefile"`
 legacyTLS *NetworkTLSConfig
+ InsecureSkipVerify bool `koanf:"insecureskipverify"`
 }
 // Enabled returns whether TLS should be enabled, according to the global config.
diff --git a/pki/pki.go b/pki/pki.go
index f158a650ab..84cf2b6acd 100644
--- a/pki/pki.go
+++ b/pki/pki.go
@@ -94,6 +94,7 @@ func (p *PKI) CreateTLSConfig(cfg core.TLSConfig) (*tls.Config, error) {
 return nil, err
 }
 _ = p.SetVerifyPeerCertificateFunc(tlsConfig) // no error can occur
+ tlsConfig.InsecureSkipVerify = cfg.InsecureSkipVerify
 return tlsConfig, nil
 }
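Review bot: The new `InsecureSkipVerify` field of `TLSConfig` (core/server_config.go hunk) has no doc comment, so the warning that it is for test and development only exists solely in the commit message. I would put `// InsecureSkipVerify disables TLS certificate verification; for test and development environments only, never production.` directly above the field. It is also declared after the unexported `legacyTLS` field instead of next to the other `koanf`-tagged fields, which makes it easy to overlook when reading the struct. The struct's opening lines are outside the hunk.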
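Review bot: In `CreateTLSConfig` (pki/pki.go hunk) the flag is copied onto the `tls.Config` silently, right after `SetVerifyPeerCertificateFunc` installs its callback. With `InsecureSkipVerify` set, crypto/tls still invokes `VerifyPeerCertificate` but passes nil `verifiedChains`, so if that callback (not visible here) walks the verified chains, its checks are skipped too; this should be confirmed and stated in a comment. In Go the field governs verification of the server certificate on outgoing connections, while client-certificate checks on the listening side follow `ClientAuth`, so the commit message's "expose the server" wording may not match the real effect. I would at least wrap the assignment in `if cfg.InsecureSkipVerify {` and log a warning there so an operator sees the setting at startup. The function body begins outside the hunk.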