The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3823


=== Description (from pull-request) ===
Added a flag to the ConnectionArgs struct that controls whether the client verifies the server's certificate chain and host name. This allows users to use self-signed certificates when connecting to a remote host over HTTPS. Of course the default value is false, but if you need it you can set it to true when connecting.

Signed-off-by: Ivan Georgiev <ivan.georg...@komfo.com>
From 12528546cc4127b11fdf3fd2fa7234dd79f523d6 Mon Sep 17 00:00:00 2001
From: Ivan Georgiev <ivan.georg...@komfo.com>
Date: Wed, 20 Sep 2017 16:17:57 +0300
Subject: [PATCH] Added insecureSkipVerify flag the ConnectionArgs struct

Signed-off-by: Ivan Georgiev <ivan.georg...@komfo.com>
---
 client/connection.go | 8 ++++++--
 client/util.go       | 4 ++--
 shared/network.go    | 4 ++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/client/connection.go b/client/connection.go
index a9474a18a..9156b6ef9 100644
--- a/client/connection.go
+++ b/client/connection.go
@@ -32,6 +32,10 @@ type ConnectionArgs struct {
 
        // Custom HTTP Client (used as base for the connection)
        HTTPClient *http.Client
+
+       // Controls whether a client verifies the
+       // server's certificate chain and host name.
+       InsecureSkipVerify bool
 }
 
 // ConnectLXD lets you connect to a remote LXD daemon over HTTPs.
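Review bot: The doc comment on the new InsecureSkipVerify field reads as if true enables verification, while in fact a true value skips it, so a caller skimming "Controls whether a client verifies..." can set it the wrong way round. Suggest replacing the two comment lines with `// InsecureSkipVerify disables verification of the server's certificate chain and host name.` and `// When true the connection can be intercepted by an on-path attacker; intended for testing only.` The field is consumed by both the ConnectSimpleStreams and httpsLXD hunks below, so an image server reached with the flag set is not authenticated either, and the comment should say it applies to image servers too. Both call sites already pass TLSServerCert next to it, which looks like an existing way to trust a specific self-signed server certificate; if that is what it does, the comment could point to it as the safer alternative, but that code is outside these hunks so confirm first.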
@@ -123,7 +127,7 @@ func ConnectSimpleStreams(url string, args *ConnectionArgs) 
(ImageServer, error)
        }
 
        // Setup the HTTP client
-       httpClient, err := tlsHTTPClient(args.HTTPClient, args.TLSClientCert, 
args.TLSClientKey, args.TLSCA, args.TLSServerCert, args.Proxy)
+       httpClient, err := tlsHTTPClient(args.HTTPClient, args.TLSClientCert, 
args.TLSClientKey, args.TLSCA, args.TLSServerCert, args.InsecureSkipVerify, 
args.Proxy)
        if err != nil {
                return nil, err
        }
@@ -152,7 +156,7 @@ func httpsLXD(url string, args *ConnectionArgs) 
(ContainerServer, error) {
        }
 
        // Setup the HTTP client
-       httpClient, err := tlsHTTPClient(args.HTTPClient, args.TLSClientCert, 
args.TLSClientKey, args.TLSCA, args.TLSServerCert, args.Proxy)
+       httpClient, err := tlsHTTPClient(args.HTTPClient, args.TLSClientCert, 
args.TLSClientKey, args.TLSCA, args.TLSServerCert, args.InsecureSkipVerify, 
args.Proxy)
        if err != nil {
                return nil, err
        }
diff --git a/client/util.go b/client/util.go
index 3649a0a83..e041fd979 100644
--- a/client/util.go
+++ b/client/util.go
@@ -13,9 +13,9 @@ import (
        "github.com/lxc/lxd/shared/ioprogress"
 )
 
-func tlsHTTPClient(client *http.Client, tlsClientCert string, tlsClientKey 
string, tlsCA string, tlsServerCert string, proxy func(req *http.Request) 
(*url.URL, error)) (*http.Client, error) {
+func tlsHTTPClient(client *http.Client, tlsClientCert string, tlsClientKey 
string, tlsCA string, tlsServerCert string, insecureSkipVerify bool, proxy 
func(req *http.Request) (*url.URL, error)) (*http.Client, error) {
        // Get the TLS configuration
-       tlsConfig, err := shared.GetTLSConfigMem(tlsClientCert, tlsClientKey, 
tlsCA, tlsServerCert)
+       tlsConfig, err := shared.GetTLSConfigMem(tlsClientCert, tlsClientKey, 
tlsCA, tlsServerCert, insecureSkipVerify)
        if err != nil {
                return nil, err
        }
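Review bot: tlsHTTPClient now takes seven positional parameters with a bool inserted in the middle and still has no doc comment, which makes the insecureSkipVerify argument easy to mis-order at call sites and its effect invisible to readers of the signature. Suggest adding above the signature `// tlsHTTPClient builds an HTTP client from the given TLS material; insecureSkipVerify disables` and `// server certificate and host name verification and must stay false outside tests.` The function body continues past the end of the hunk.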
diff --git a/shared/network.go b/shared/network.go
index a2ee54740..61591d6ef 100644
--- a/shared/network.go
+++ b/shared/network.go
@@ -103,9 +103,9 @@ func GetTLSConfig(tlsClientCertFile string, 
tlsClientKeyFile string, tlsClientCA
        return tlsConfig, nil
 }
 
-func GetTLSConfigMem(tlsClientCert string, tlsClientKey string, tlsClientCA 
string, tlsRemoteCertPEM string) (*tls.Config, error) {
+func GetTLSConfigMem(tlsClientCert string, tlsClientKey string, tlsClientCA 
string, tlsRemoteCertPEM string, insecureSkipVerify bool) (*tls.Config, error) {
        tlsConfig := initTLSConfig()
-
+       tlsConfig.InsecureSkipVerify = insecureSkipVerify
        // Client authentication
        if tlsClientCert != "" && tlsClientKey != "" {
                cert, err := tls.X509KeyPair([]byte(tlsClientCert), 
[]byte(tlsClientKey))
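Review bot: `tlsConfig.InsecureSkipVerify = insecureSkipVerify` is assigned unconditionally at the top of GetTLSConfigMem, ahead of the client-certificate handling and whatever trust setup tlsRemoteCertPEM receives later in the body (which is outside the hunk), so if that later code relies on verification being enabled it now runs with it already off; confirm that a pinned remote certificate still rejects a mismatched server when the flag is false, and consider returning an error when insecureSkipVerify is true together with a non-empty tlsRemoteCertPEM, since the two settings contradict each other. The assignment also took the place of the blank line that separated setup from the `// Client authentication` comment; keep a blank line after it. GetTLSConfigMem is exported and has no doc comment; suggest `// GetTLSConfigMem builds a client tls.Config from in-memory PEM material. insecureSkipVerify disables` and `// verification of the server's certificate chain and host name and is unsafe outside testing.`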