
etcdserver: Added configuration flag --peer-skip-client-verify=true

Martin Weindel 6 years ago
parent
commit
1b048c91ec
2 changed files with 5 additions and 0 deletions
  1. 1 0
      etcdmain/config.go
  2. 4 0
      pkg/transport/listener.go

+ 1 - 0
etcdmain/config.go

@@ -213,6 +213,7 @@ func newConfig() *config {
 	fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedCN, "peer-cert-allowed-cn", "", "Allowed CN for inter peer authentication.")
 	fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.")
 	fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
+	fs.BoolVar(&cfg.ec.PeerTLSInfo.SkipClientVerify, "peer-skip-client-verify", false, "Skip client IP verification for peer connections.")
 
 	fs.Var(
 		flags.NewUniqueURLsWithExceptions("*", "*"),
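Review bot: The help text on the new `--peer-skip-client-verify` flag does not tell an operator what is actually being relaxed: the listener change in pkg/transport/listener.go routes around the `checkSAN` step rather than client-certificate verification as the wording "client IP verification" suggests, and the name sits next to `peer-cert-allowed-cn` / `peer-cert-allowed-hostname` which still apply. Since this is a security-weakening option, the help string should say what is bypassed and that it is not recommended outside environments where peer certificates cannot carry a matching address, e.g. `"Skip SAN (IP/hostname) verification of peer client certificates; weakens peer authentication, use only when peer certs cannot carry matching SANs."`. The exact check skipped is inferred from the `checkSAN` argument name and should be confirmed against its definition, which is outside this diff. The enclosing newConfig function continues past the end of this hunk.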

+ 4 - 0
pkg/transport/listener.go

@@ -56,6 +56,9 @@ func wrapTLS(scheme string, tlsinfo *TLSInfo, l net.Listener) (net.Listener, err
 	if scheme != "https" && scheme != "unixs" {
 		return l, nil
 	}
+	if tlsinfo != nil && tlsinfo.SkipClientVerify {
+		return NewTLSListener(l, tlsinfo)
+	}
 	return newTLSListener(l, tlsinfo, checkSAN)
 }
 
@@ -66,6 +69,7 @@ type TLSInfo struct {
 	ClientCertAuth     bool
 	CRLFile            string
 	InsecureSkipVerify bool
+	SkipClientVerify   bool
 
 	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting
 	ServerName string
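Review bot: The new `SkipClientVerify` field on TLSInfo has no doc comment, and its name collides in meaning with the neighbouring `ClientCertAuth` and `InsecureSkipVerify` fields even though the wrapTLS branch above only swaps `newTLSListener(l, tlsinfo, checkSAN)` for `NewTLSListener(l, tlsinfo)`; a reader cannot tell from the struct whether client certificates stop being verified or only the SAN check is dropped. A comment such as `// SkipClientVerify disables the SAN (IP/hostname) check on peer client certificates performed by wrapTLS; the certificate chain is still validated. Weakens peer authentication.` would make the field self-describing, with the chain-validation claim to be confirmed against NewTLSListener, which is not in this diff. The `tlsinfo != nil` guard is consistent with the existing fall-through, which already tolerates a nil tlsinfo. The TLSInfo struct continues past the end of this hunk.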