Adds support for --tls_enable_host_verification as global option for TCTL (#873)

By default, tctl does not perform host verification on the temporal cluster it is talking to (if using TLS). The underlying code checks a flag, but the flag is not exposed as a Global option. This PR exposes the flag as a global option.

Validated this fix by running against a private environment with a mismatched server-name for the TLS cert. With the flag enabled, tctl gives the appropriate error message when communicating with the private environment.
mastermanu committed Oct 17, 2020
1 parent 8e8a890 commit cf3a5f7
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions tools/cli/app.go
Expand Up @@ -83,6 +83,11 @@ func NewCliApp() *cli.App {
Usage: "path to server CA certificate",
EnvVar: "TEMPORAL_CLI_TLS_CA",
},
cli.BoolFlag{
Name: FlagTLSEnableHostVerification,
Usage: "validates hostname of temporal cluster against server certificate",
EnvVar: "TEMPORAL_CLI_TLS_ENABLE_HOST_VERIFICATION",
},
}
app.Commands = []cli.Command{
{
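
Review bot: The `cli.BoolFlag` added for `FlagTLSEnableHostVerification` is opt-in, so a tctl invocation that supplies only the server CA certificate still connects over TLS without checking the server's hostname against its certificate, and any host presenting a certificate that chains to that CA would be accepted. Consider making verification the default whenever TLS options are supplied and exposing an explicit opt-out instead, or at minimum state in the `Usage` string that the default is off. The hunk also adds no test for the flag or for the `TEMPORAL_CLI_TLS_ENABLE_HOST_VERIFICATION` environment variable; the commit message describes only a manual check against a private environment.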