From be85442e5e9b834d1ce9f2599266c0ff830ad9f2 Mon Sep 17 00:00:00 2001
From: Brandon Philips
Date: Sun, 11 Aug 2013 10:33:57 -0700
Subject: [PATCH] fix(etcd): remove insecureskipverify
The client certs and server certs should share the same CA since everyone is a peer. Use this logic instead of InsecureSkipVerify.
Test-plan: tested manually and tests pass still.
---
 etcd.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/etcd.go b/etcd.go
index 9367def86..11fc57510 100644
--- a/etcd.go
+++ b/etcd.go
@@ -481,8 +481,10 @@ func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) {
 t.Scheme = "https"
 t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)
+ // The client should trust the RootCA that the Server uses since
+ // everyone is a peer in the network.
 t.Client.Certificates = []tls.Certificate{tlsCert}
- t.Client.InsecureSkipVerify = true
+ t.Client.RootCAs = t.Server.ClientCAs
 return t, true
 }
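Review bot: The new line `t.Client.RootCAs = t.Server.ClientCAs` pins the peer CA only when newCertPool returned a non-nil pool; with a nil `RootCAs`, crypto/tls verifies the server against the host's root CA set instead. newCertPool is not visible in this hunk, so whether it can return nil (for example when no CA file is configured) needs confirming; if it can, the client would trust any publicly issued certificate rather than only cluster peers, and peers on a private CA would fail to connect. I would guard that case explicitly, e.g. `if t.Server.ClientCAs == nil { return t, false }`, or at least extend the comment with `// NOTE: a nil pool makes crypto/tls fall back to the system roots.` Dropping InsecureSkipVerify also enables hostname verification, so peer certificates need SANs for the addresses peers dial, and since the test plan is manual, a test asserting that a certificate from a different CA is rejected would keep this from regressing. The body of tlsConfigFromInfo starts outside the hunk.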