This repository has been archived by the owner on Jan 4, 2021. It is now read-only.

Commit

(#533) do not require certificates when ssl is disabled
Roland Pienaar committed Nov 22, 2018
1 parent 13db0c4 commit 0ac58ef
Showing 2 changed files with 14 additions and 8 deletions.
6 changes: 3 additions & 3 deletions lib/mcollective/connector/nats.rb
Expand Up @@ -79,7 +79,9 @@ def connect

if $choria_unsafe_disable_nats_tls # rubocop:disable Style/GlobalVars
Log.warn("Disabling TLS in NATS connector, this is not a production supported setup")
parameters.delete(:tls)
else
parameters[:tls] = {:context => choria.ssl_context}
choria.check_ssl_setup
end

servers = server_list
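Review bot: in the else branch of connect, parameters[:tls] is built from choria.ssl_context before choria.check_ssl_setup runs. If building the context reads the certificate files, a missing or unreadable certificate will raise from there and the setup check never gets to report it. Suggest calling choria.check_ssl_setup first and assigning parameters[:tls] afterwards.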
Expand All @@ -89,8 +91,6 @@ def connect
parameters[:servers] = servers
end

choria.check_ssl_setup

connection.start(parameters)

nil
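Review bot: no spec change accompanies dropping the unconditional choria.check_ssl_setup ahead of connection.start(parameters). Going by the hunk header (8 lines before, 6 after) and the call now sitting in the else branch above, that call is what goes away here, and the commit lists only the two files under lib/ as changed. Please add connector specs for both cases: the check is skipped when $choria_unsafe_disable_nats_tls is set, and it still runs before connection.start otherwise.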
16 changes: 11 additions & 5 deletions lib/mcollective/security/choria.rb
Expand Up @@ -49,13 +49,19 @@ def encoderequest(sender, msg, requestid, filter, target_agent, target_collectiv
request["envelope"]["callerid"] = callerid

serialized_request = serialize(request, default_serializer)

serialize(
secure_request = {
"protocol" => "choria:secure:request:1",
"message" => serialized_request,
"signature" => sign(serialized_request),
"pubcert" => File.read(client_public_cert).chomp
)
"signature" => "insecure",
"pubcert" => "insecure"
}

unless $choria_unsafe_disable_nats_tls
secure_request["signature"] = sign(serialized_request)
secure_request["pubcert"] = File.read(client_public_cert).chomp
end

serialize(secure_request)
end

# Encodes a reply to a earlier received message
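Review bot: request signing in encoderequest is gated on $choria_unsafe_disable_nats_tls, a flag whose name only refers to NATS transport TLS. With it set, "signature" and "pubcert" stay at the literal "insecure", so the callerid in the envelope goes out with nothing binding it to a certificate, and an operator who only meant to turn off transport encryption gets unsigned requests without any log line saying so. Suggest a Log.warn in this branch like the one in the connector, a comment on the placeholder values, and a check that the receiving side rejects "signature" => "insecure" unless it was started with the same flag, since the decode path is not part of this diff. Style: the global here lacks the rubocop:disable Style/GlobalVars marker used on the same variable in nats.rb.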