Don't ignore TLS config's InsecureSkipVerify
tls.Config by default verifies certificates, gocql.SslOptions does not. If one only provided the tls.Config with InsecureSkipVerify=false, callers expect that the host will be verified, but gocql resets the InsecureSkipVerify to true. It's safer to explicitly disable host verification than to explicitly enable it, so if the tls.Config is provided, let's honor its security settings. If a TLS config with InsecureSkipVerify=true is provided at the same time as EnableHostVerification=true is provided, this is a conflict in settings. We could either return an error or fall back to verifying the host. We chose to verify the host. The issue has been in the gocql codebase since commit 6495810, when the tls.Config was embedded in the SslOptions struct.
1 parent
f18e097
commit e96e001
Showing
4 changed files
with
140 additions
and
15 deletions.
@@ -0,0 +1,85 @@ | ||
// +build all unit | ||
|
||
package gocql | ||
|
||
import ( | ||
"crypto/tls" | ||
"testing" | ||
) | ||
|
||
func TestSetupTLSConfig(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
opts *SslOptions | ||
expectedInsecureSkipVerify bool | ||
}{ | ||
{ | ||
name: "Config nil, EnableHostVerification false", | ||
opts: &SslOptions{ | ||
EnableHostVerification: false, | ||
}, | ||
expectedInsecureSkipVerify: true, | ||
}, | ||
{ | ||
name: "Config nil, EnableHostVerification true", | ||
opts: &SslOptions{ | ||
EnableHostVerification: true, | ||
}, | ||
expectedInsecureSkipVerify: false, | ||
}, | ||
{ | ||
name: "Config.InsecureSkipVerify false, EnableHostVerification false", | ||
opts: &SslOptions{ | ||
EnableHostVerification: false, | ||
Config: &tls.Config{ | ||
InsecureSkipVerify: false, | ||
}, | ||
}, | ||
expectedInsecureSkipVerify: false, | ||
}, | ||
{ | ||
name: "Config.InsecureSkipVerify true, EnableHostVerification false", | ||
opts: &SslOptions{ | ||
EnableHostVerification: false, | ||
Config: &tls.Config{ | ||
InsecureSkipVerify: true, | ||
}, | ||
}, | ||
expectedInsecureSkipVerify: true, | ||
}, | ||
{ | ||
name: "Config.InsecureSkipVerify false, EnableHostVerification true", | ||
opts: &SslOptions{ | ||
EnableHostVerification: true, | ||
Config: &tls.Config{ | ||
InsecureSkipVerify: false, | ||
}, | ||
}, | ||
expectedInsecureSkipVerify: false, | ||
}, | ||
{ | ||
name: "Config.InsecureSkipVerify true, EnableHostVerification true", | ||
opts: &SslOptions{ | ||
EnableHostVerification: true, | ||
Config: &tls.Config{ | ||
InsecureSkipVerify: true, | ||
}, | ||
}, | ||
expectedInsecureSkipVerify: false, | ||
}, | ||
} | ||
for _, test := range tests { | ||
test := test | ||
t.Run(test.name, func(t *testing.T) { | ||
tlsConfig, err := setupTLSConfig(test.opts) | ||
if err != nil { | ||
t.Fatalf("unexpected error %q", err.Error()) | ||
} | ||
if tlsConfig.InsecureSkipVerify != test.expectedInsecureSkipVerify { | ||
t.Fatalf("got %v, but expected %v", tlsConfig.InsecureSkipVerify, | ||
test.expectedInsecureSkipVerify) | ||
} | ||
}) | ||
} | ||
} | ||
|
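Review bot: The assertion inside the t.Run closure pins only InsecureSkipVerify, so the test cannot tell whether setupTLSConfig preserves the rest of a caller-supplied tls.Config (RootCAs, ServerName, MinVersion) or whether it writes into the pointer it was handed; setupTLSConfig itself is outside this hunk, so I cannot confirm either behaviour from here. If a shared *tls.Config is mutated in place, resolving the conflict case would flip verification for every other consumer of that config, which is the same class of surprise this commit sets out to fix. Consider giving the Config cases another field and asserting it survives on the result, e.g. (constructed value) `Config: &tls.Config{InsecureSkipVerify: true, ServerName: "example.invalid"}` with `if tlsConfig.ServerName != test.opts.Config.ServerName { t.Fatalf("ServerName not preserved") }`, and additionally checking that `test.opts.Config.InsecureSkipVerify` is unchanged after the call. Minor style point: `t.Fatalf("unexpected error %q", err.Error())` reads more idiomatically as `t.Fatalf("unexpected error: %v", err)`.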