From 27d6bebbdac46dd53959727ae46f1c72016775a4 Mon Sep 17 00:00:00 2001
From: Ankur Shrivastava
Date: Mon, 10 Jun 2024 21:36:00 +0800
Subject: [PATCH] Adding support for Insecure Skip Verify (#24)
* adding support for Insecure Skip Verify
* updating docs
* updating comment
---
 README.md | 2 +-
 config/README.md | 5 ++++-
 config/config.go | 3 +++
 core.go | 9 +++++----
 4 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index bc2c414..d1e3995 100755
--- a/README.md
+++ b/README.md
@@ -159,7 +159,7 @@ type CB interface {
 ```
-### func [New]()
+### func [New]()
 ```go
 func New(c config.Config) CB
diff --git a/config/README.md b/config/README.md
index 488bb80..8888468 100755
--- a/config/README.md
+++ b/config/README.md
@@ -16,7 +16,7 @@ import "github.com/go-coldbrew/core/config"
-## type [Config]()
+## type [Config]()
 Config is the configuration for the Coldbrew server It is populated from environment variables and has sensible defaults for all fields so that you can just use it as is without any configuration The following environment variables are supported and can be used to override the defaults for the fields
@@ -110,6 +110,9 @@ type Config struct {
 // GRPCTLSCertFile an GRPCTLSKeyFile are the paths to the key and cert files for the GRPC server
 // If these are set, the server will be started with TLS enabled
 GRPCTLSCertFile string `envconfig:"GRPC_TLS_CERT_FILE"`
+ // GRPCTLSInsecureSkipVerify is used to skip verification of the server's certificate chain and host name
+ // Only set this to true if you are sure you want to disable TLS verification for the server
+ GRPCTLSInsecureSkipVerify bool `envconfig:"GRPC_TLS_INSECURE_SKIP_VERIFY" default:"false"`
 }
 ```
diff --git a/config/config.go b/config/config.go
index 117102f..b1c8e41 100644
--- a/config/config.go
+++ b/config/config.go
@@ -92,4 +92,7 @@ type Config struct {
 // GRPCTLSCertFile an GRPCTLSKeyFile are the paths to the key and cert files for the GRPC server
 // If these are set, the server will be started with TLS enabled
 GRPCTLSCertFile string `envconfig:"GRPC_TLS_CERT_FILE"`
+ // GRPCTLSInsecureSkipVerify is used to skip verification of the server's certificate chain and host name
+ // Only set this to true if you are sure you want to disable TLS verification for the server
+ GRPCTLSInsecureSkipVerify bool `envconfig:"GRPC_TLS_INSECURE_SKIP_VERIFY" default:"false"`
 }
diff --git a/core.go b/core.go
index e9648e1..b41c90f 100644
--- a/core.go
+++ b/core.go
@@ -256,7 +256,7 @@ func (c *cb) getGRPCServerOptions() []grpc.ServerOption {
 return so
 }
-func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredentials, error) {
+func loadTLSCredentials(certFile, keyFile string, insecureSkipVerify bool) (credentials.TransportCredentials, error) {
 // Load server's certificate and private key
 serverCert, err := tls.LoadX509KeyPair(certFile, keyFile)
 if err != nil {
@@ -265,8 +265,9 @@ func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredenti
 // Create the credentials and return it
 config := &tls.Config{
- Certificates: []tls.Certificate{serverCert},
- ClientAuth: tls.NoClientCert,
+ Certificates: []tls.Certificate{serverCert},
+ ClientAuth: tls.NoClientCert,
+ InsecureSkipVerify: insecureSkipVerify,
 }
 return credentials.NewTLS(config), nil
@@ -275,7 +276,7 @@ func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredenti
 func (c *cb) initGRPC(ctx context.Context) (*grpc.Server, error) {
 so := c.getGRPCServerOptions()
 if c.config.GRPCTLSCertFile != "" && c.config.GRPCTLSKeyFile != "" {
- creds, err := loadTLSCredentials(c.config.GRPCTLSCertFile, c.config.GRPCTLSKeyFile)
+ creds, err := loadTLSCredentials(c.config.GRPCTLSCertFile, c.config.GRPCTLSKeyFile, c.config.GRPCTLSInsecureSkipVerify)
 if err != nil {
 return nil, err
 }
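Review bot: The new comment on `GRPCTLSInsecureSkipVerify` in config/config.go says it skips verification of "the server's certificate chain and host name", but that is a check a TLS client makes on its peer, and the only consumer in this patch is the server-side `tls.Config` built in core.go's `loadTLSCredentials`. The comment should state where the value goes and what it leaves unchanged, for example `// GRPCTLSInsecureSkipVerify is copied into the gRPC server's tls.Config; clients connecting to this server still verify its certificate unless they opt out themselves`. The `Config` struct begins before this hunk, so other fields that may interact with it are not visible here.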
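Review bot: `InsecureSkipVerify: insecureSkipVerify` in the `tls.Config` literal of `loadTLSCredentials` (core.go hunk at -265) does not change how this listener behaves as far as the visible code shows: crypto/tls reads that field when acting as a client, and with `ClientAuth: tls.NoClientCert` the server asks for no peer certificate to verify. The new parameter (hunk at -256) and the extra argument in `initGRPC` (hunk at -275) therefore expose a switch whose name implies weakened TLS while doing nothing, which is likely to mislead operators and anyone auditing the TLS settings. If the aim is to let a client dial a server that uses a self-signed certificate, the flag belongs on the dialing side's `tls.Config`; otherwise I would drop the parameter and leave the literal as it was. `initGRPC` continues past the end of the last hunk, so how `creds` is used is not visible.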