More use of central TLS config

2 years ago · 673fd8cade
parent c8231596ac
commit 673fd8cade
4 changed files with 7 additions and 9 deletions
--- a/cluster/service_mux_test.go
+++ b/cluster/service_mux_test.go
@ -104,11 +104,10 @@ func mustNewTLSMux() (net.Listener, *tcp.Mux) {
 	key := x509.KeyFile("")
 	defer os.Remove(key)

-	mux, err := tcp.NewTLSMux(ln, nil, cert, key, "")
+	mux, err := tcp.NewTLSMux(ln, nil, cert, key, "", true)
 	if err != nil {
 		panic(fmt.Sprintf("failed to create TLS mux: %s", err))
 	}
-	mux.InsecureSkipVerify = true

 	return ln, mux
 }
--- a/cmd/rqlited/main.go
+++ b/cmd/rqlited/main.go
@ -293,14 +293,13 @@ func startNodeMux(cfg *Config, ln net.Listener) (*tcp.Mux, error) {
 	var mux *tcp.Mux
 	if cfg.NodeEncrypt {
 		log.Printf("enabling node-to-node encryption with cert: %s, key: %s", cfg.NodeX509Cert, cfg.NodeX509Key)
-		mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert)
+		mux, err = tcp.NewTLSMux(ln, adv, cfg.NodeX509Cert, cfg.NodeX509Key, cfg.NodeX509CACert, cfg.NoNodeVerify)
 	} else {
 		mux, err = tcp.NewMux(ln, adv)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("failed to create node-to-node mux: %s", err.Error())
 	}
-	mux.InsecureSkipVerify = cfg.NoNodeVerify
 	go mux.Serve()

 	return mux, nil
--- a/system_test/helpers.go
+++ b/system_test/helpers.go
@ -694,11 +694,10 @@ func mustNewOpenTLSMux(certFile, keyPath, addr string) *tcp.Mux {
 	}

 	var mux *tcp.Mux
-	mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "")
+	mux, err = tcp.NewTLSMux(ln, nil, certFile, keyPath, "", true)
 	if err != nil {
 		panic(fmt.Sprintf("failed to create node-to-node mux: %s", err.Error()))
 	}
-	mux.InsecureSkipVerify = true

 	go mux.Serve()
 	return mux
--- a/tcp/mux.go
+++ b/tcp/mux.go
@ -91,7 +91,7 @@ type Mux struct {
 	x509Key string

 	// Whether to skip verification of other nodes' certificates.
-	InsecureSkipVerify bool
+	insecureSkipVerify bool

 	tlsConfig *tls.Config
 }
@ -131,6 +131,7 @@ func NewTLSMux(ln net.Listener, adv net.Addr, cert, key, caCert string, insecure
 	mux.x509CACert = caCert
 	mux.x509Cert = cert
 	mux.x509Key = key
+	mux.insecureSkipVerify = insecure

 	return mux, nil
 }
@ -180,7 +181,7 @@ func (mux *Mux) Stats() (interface{}, error) {
 		s["certificate"] = mux.x509Cert
 		s["key"] = mux.x509Key
 		s["ca_certificate"] = mux.x509CACert
-		s["skip_verify"] = strconv.FormatBool(mux.InsecureSkipVerify)
+		s["skip_verify"] = strconv.FormatBool(mux.insecureSkipVerify)
 	}

 	return s, nil
@ -246,7 +247,7 @@ func (mux *Mux) Listen(header byte) *Layer {
 		nodeX509CACert: mux.x509CACert,
 		tlsConfig:      mux.tlsConfig,
 	}
-	layer.dialer = NewDialer(header, mux.remoteEncrypted, mux.InsecureSkipVerify)
+	layer.dialer = NewDialer(header, mux.remoteEncrypted, mux.insecureSkipVerify)

 	return layer
 }