Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing

2018-07-12 07:49:23 -04:00 · 2018-07-12 07:49:23 -04:00 · 0f56ed2d01
parent 7dfd2ab316
commit 0f56ed2d01
2 changed files with 10 additions and 6 deletions
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@ -1223,7 +1223,7 @@ func (c *RuntimeConfig) apiAddresses(maxPerType int) (unixAddrs, httpAddrs, http
 func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) {
 	cfg := &api.Config{
 		Datacenter: c.Datacenter,
-		TLSConfig:  api.TLSConfig{InsecureSkipVerify: true},
+		TLSConfig:  api.TLSConfig{InsecureSkipVerify: !c.VerifyOutgoing},
 	}
 	unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(1)
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@ -4542,6 +4542,7 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
 		CAPath:         "/etc/consul/ca.dir",
 		CertFile:       "/etc/consul/server.crt",
 		KeyFile:        "/etc/consul/ssl/server.key",
 		VerifyOutgoing: false,
 	}
 	cfg, err := rt.APIConfig(false)
@ -4553,7 +4554,9 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
 	require.Equal(t, "", cfg.TLSConfig.CertFile)
 	require.Equal(t, "", cfg.TLSConfig.KeyFile)
 	require.Equal(t, rt.Datacenter, cfg.Datacenter)
 	require.Equal(t, true, cfg.TLSConfig.InsecureSkipVerify)
 	rt.VerifyOutgoing = true
 	cfg, err = rt.APIConfig(true)
 	require.NoError(t, err)
 	require.Equal(t, "198.18.0.2:5678", cfg.Address)
@ -4563,6 +4566,7 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
 	require.Equal(t, rt.CertFile, cfg.TLSConfig.CertFile)
 	require.Equal(t, rt.KeyFile, cfg.TLSConfig.KeyFile)
 	require.Equal(t, rt.Datacenter, cfg.Datacenter)
 	require.Equal(t, false, cfg.TLSConfig.InsecureSkipVerify)
 }
 func TestRuntime_APIConfigHTTP(t *testing.T) {