New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ADDED] Cluster tls insecure configuration #921
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, maybe should squash some of the commits before merging
@wallyqs I have updated the PR: since we use parseTLS (and getTLSConfig) in various places, and we have an exported GenTLSConfig(), I moved the setting into that function. However, when creating the server (NewServer()), I now reject InsecureSkipVerify if set in anything but the Cluster config. Let me know what you think. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kozlovic sounds good to prevent setting skip verify for client connection and gateways for now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Based on @softkbot PR #913. Removed the command line parameter, which then removes the need for Options.Cluster.TLSInsecure. Added a test with config reload. Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
60e2dfe
to
83aefdc
Compare
Based on @softkbot PR #913.
Removed the command line parameter, which then removes the need for Options.Cluster.TLSInsecure.
Added a test with config reload.
/cc @nats-io/core