github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,246 Commits
1,704 Branches
457 Tags
689 MiB
Commit Graph

4 Commits (e66063c3a365a91496a62499e7d7ad0ec4de52ad)

Author SHA1 Message Date
Nelson Elhage 12a7f765b6 Add some basic smoke tests for wrapTLSclient. 
Check the success case, and check that we reject a self-signed
certificate.
 2014-06-29 18:11:32 -07:00
Nelson Elhage d174cbe7f4 Restore the 0.2 TLS verification behavior. 
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
 2014-06-28 13:32:42 -07:00
Nelson Elhage fe4ec67488 Allow multiple PEM-encoded certificates in the ca_file. 
fixes #167
 2014-05-26 10:58:57 -07:00
Armon Dadgar 2c212516ee consul: Adding configuration tests 2014-04-07 15:07:00 -07:00