Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(etcd): remove insecureskipverify

Browse Source 
The client certs and server certs should share the same CA since
everyone is a peer. Use this logic instead of InsecureSkipVerify.

Test-plan: tested manually and tests pass still.
This commit is contained in:
Brandon Philips
2013-08-11 10:33:57 -07:00
parent 9fd62298ff
commit be85442e5e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
etcd.go
View File

@@ -481,8 +481,10 @@ func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) {
t.Scheme = "https"
t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)
// The client should trust the RootCA that the Server uses since
// everyone is a peer in the network.
t.Client.Certificates = []tls.Certificate{tlsCert}
t.Client.InsecureSkipVerify = true
t.Client.RootCAs = t.Server.ClientCAs
return t, true
}