Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

etcdserver: Added configuration flag --peer-skip-client-verify=true

Browse Source
This commit is contained in:
Martin Weindel 2019-03-05 14:23:41 +01:00 committed by Sam Batschelet
parent a2a8887c33
commit 1b048c91ec
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
etcdmain/config.go
View File

@ -213,6 +213,7 @@ func newConfig() *config {
fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.") fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")
fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.") fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.")
fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).") fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
fs.BoolVar(&cfg.ec.PeerTLSInfo.SkipClientVerify, "peer-skip-client-verify", false, "Skip client IP verification for peer connections.")
fs.Var( fs.Var(
flags.NewUniqueURLsWithExceptions("*", "*"), flags.NewUniqueURLsWithExceptions("*", "*"),

4
pkg/transport/listener.go
View File

@ -56,6 +56,9 @@ func wrapTLS(scheme string, tlsinfo *TLSInfo, l net.Listener) (net.Listener, err
if scheme != "https" && scheme != "unixs" { if scheme != "https" && scheme != "unixs" {
return l, nil return l, nil
} }
if tlsinfo != nil && tlsinfo.SkipClientVerify {
return NewTLSListener(l, tlsinfo)
}
return newTLSListener(l, tlsinfo, checkSAN) return newTLSListener(l, tlsinfo, checkSAN)
} }
@ -66,6 +69,7 @@ type TLSInfo struct {
ClientCertAuth bool ClientCertAuth bool
CRLFile string CRLFile string
InsecureSkipVerify bool InsecureSkipVerify bool
SkipClientVerify bool
// ServerName ensures the cert matches the given host in case of discovery / virtual hosting // ServerName ensures the cert matches the given host in case of discovery / virtual hosting
ServerName string ServerName string