author | Patrick O'Doherty <p@trickod.com> | 2016-05-28 21:22:38 +0100 |
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-05-29 00:14:34 +0100 |
commit | a5783a4ea89a1a7e7469bcb75b9276d81d7b3aee (patch) | |
tree | 27d49aa2bf1b6957dbea21e7659ccbd9c91eaabf /cmd/cashier/main.go | |
parent | f04bfc498bced76485f8c164f9969e0ed9de7519 (diff) |
Add validate_tls_certificate option to client config
To allow for easier development on localhost where one cannot get a
root-CA signed TLS certificate, add a new validate_tls_certificate
option to the configuration file which allows certificate
chain checking to be disabled.
Diffstat (limited to 'cmd/cashier/main.go')
-rw-r--r-- | cmd/cashier/main.go | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 2bac63a..564664c 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -2,6 +2,7 @@ package main
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -37,7 +38,11 @@ func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
 	return nil
 }
-func send(s []byte, token, ca string) (*lib.SignResponse, error) {
+func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignResponse, error) {
+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: !ValidateTLSCertificate},
+	}
+	client := &http.Client{Transport: transport}
 	req, err := http.NewRequest("POST", ca+"/sign", bytes.NewReader(s))
 	if err != nil {
 		return nil, err
@@ -45,7 +50,6 @@ func send(s []byte, token, ca string) (*lib.SignResponse, error) {
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Add("Accept", "application/json")
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -79,7 +83,7 @@ func sign(pub ssh.PublicKey, token string, conf *config) (*ssh.Certificate, erro
 	if err != nil {
 		return nil, err
 	}
-	resp, err := send(s, token, conf.CA)
+	resp, err := send(s, token, conf.CA, conf.ValidateTLSCertificate)
 	if err != nil {
 		return nil, err
 	}
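Review bot: The polarity of the new option in send means the zero value of the config field turns verification off — `InsecureSkipVerify: !ValidateTLSCertificate` is true whenever validate_tls_certificate is absent from the config file, unless the loader (outside this diff) defaults the field to true; that should be confirmed, or the field inverted to an opt-in "skip verification" flag so the default is the safe one. With verification off, both chain and hostname checks are skipped while the request still carries the bearer token in the Authorization header (third hunk), so the token is sent to an unauthenticated peer; a comment at the tls.Config line, `// InsecureSkipVerify skips chain and hostname checks: the bearer token below is then sent to an unauthenticated server (development only)`, plus a log line when the option is off, would make that trade-off visible. The new http.Client has no Timeout, so a stalled CA blocks sign indefinitely; `client := &http.Client{Transport: transport, Timeout: 30 * time.Second}` bounds it (the `time` import would be outside this hunk). Minor style point: Go parameter names are lowerCamelCase, so `validateTLSCertificate` rather than `ValidateTLSCertificate`. send's body continues outside the second hunk.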