consul: Enforce TLS if VerifyIncoming is set

pull/28/head
Armon Dadgar 11 years ago
parent 7884439b7c
commit f94dfa4efc

@ -61,6 +61,25 @@ func (s *Server) handleConn(conn net.Conn) {
return return
} }
// Check if entering TLS mode
isTLS := false
if RPCType(buf[0]) == rpcTLS {
if s.rpcTLS == nil {
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
conn.Close()
return
}
conn = tls.Server(conn, s.rpcTLS)
isTLS = true
}
// Enforce TLS if VerifyIncoming is set
if s.config.VerifyIncoming && !isTLS {
s.logger.Printf("[WARN] consul.rpc: Non-TLS connection attempted with VerifyIncoming set")
conn.Close()
return
}
// Switch on the byte // Switch on the byte
switch RPCType(buf[0]) { switch RPCType(buf[0]) {
case rpcConsul: case rpcConsul:
@ -73,15 +92,6 @@ func (s *Server) handleConn(conn net.Conn) {
case rpcMultiplex: case rpcMultiplex:
s.handleMultiplex(conn) s.handleMultiplex(conn)
case rpcTLS:
if s.rpcTLS == nil {
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
conn.Close()
return
}
conn = tls.Server(conn, s.rpcTLS)
s.handleConn(conn)
default: default:
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0]) s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
conn.Close() conn.Close()

Loading…
Cancel
Save