Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix(etcd): remove insecureskipverify

The client certs and server certs should share the same CA since
everyone is a peer. Use this logic instead of InsecureSkipVerify.

Test-plan: tested manually and tests pass still.
Brandon Philips 12 years ago
parent
9fd62298ff
commit
be85442e5e
1 changed files with 3 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      etcd.go

+ 3 - 1
etcd.go
View File 

@@ -481,8 +481,10 @@ func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) {
 
 	t.Scheme = "https"
 
 	t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)
 
 
+	// The client should trust the RootCA that the Server uses since
 
+	// everyone is a peer in the network.
 
 	t.Client.Certificates = []tls.Certificate{tlsCert}
 
-	t.Client.InsecureSkipVerify = true
 
+	t.Client.RootCAs = t.Server.ClientCAs
 
 
 	return t, true
 
 }