Adding support for Insecure Skip Verify (#24)

* adding support for Insecure Skip Verify * updating docs * updating comment
go-coldbrew · Jun 10, 2024 · 27d6beb · 27d6beb
1 parent 22f9d79
commit 27d6beb
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -159,7 +159,7 @@ type CB interface {
 ```
 
 <a name="New"></a>
-### func [New](<https://github.com/go-coldbrew/core/blob/main/core.go#L414>)
+### func [New](<https://github.com/go-coldbrew/core/blob/main/core.go#L415>)
 
 ```go
 func New(c config.Config) CB

diff --git a/config/README.md b/config/README.md
@@ -16,7 +16,7 @@ import "github.com/go-coldbrew/core/config"
 
 
 <a name="Config"></a>
-## type [Config](<https://github.com/go-coldbrew/core/blob/main/config/config.go#L6-L95>)
+## type [Config](<https://github.com/go-coldbrew/core/blob/main/config/config.go#L6-L98>)
 
 Config is the configuration for the Coldbrew server It is populated from environment variables and has sensible defaults for all fields so that you can just use it as is without any configuration The following environment variables are supported and can be used to override the defaults for the fields
 
@@ -110,6 +110,9 @@ type Config struct {
     // GRPCTLSCertFile an GRPCTLSKeyFile are the paths to the key and cert files for the GRPC server
     // If these are set, the server will be started with TLS enabled
     GRPCTLSCertFile string `envconfig:"GRPC_TLS_CERT_FILE"`
+    // GRPCTLSInsecureSkipVerify is used to skip verification of the server's certificate chain and host name
+    // Only set this to true if you are sure you want to disable TLS verification for the server
+    GRPCTLSInsecureSkipVerify bool `envconfig:"GRPC_TLS_INSECURE_SKIP_VERIFY" default:"false"`
 }
 ```
 

diff --git a/config/config.go b/config/config.go
@@ -92,4 +92,7 @@ type Config struct {
 	// GRPCTLSCertFile an GRPCTLSKeyFile are the paths to the key and cert files for the GRPC server
 	// If these are set, the server will be started with TLS enabled
 	GRPCTLSCertFile string `envconfig:"GRPC_TLS_CERT_FILE"`
+	// GRPCTLSInsecureSkipVerify is used to skip verification of the server's certificate chain and host name
+	// Only set this to true if you are sure you want to disable TLS verification for the server
+	GRPCTLSInsecureSkipVerify bool `envconfig:"GRPC_TLS_INSECURE_SKIP_VERIFY" default:"false"`
 }
diff --git a/core.go b/core.go
@@ -256,7 +256,7 @@ func (c *cb) getGRPCServerOptions() []grpc.ServerOption {
 	return so
 }
 
-func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredentials, error) {
+func loadTLSCredentials(certFile, keyFile string, insecureSkipVerify bool) (credentials.TransportCredentials, error) {
 	// Load server's certificate and private key
 	serverCert, err := tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
@@ -265,8 +265,9 @@ func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredenti
 
 	// Create the credentials and return it
 	config := &tls.Config{
-		Certificates: []tls.Certificate{serverCert},
-		ClientAuth:   tls.NoClientCert,
+		Certificates:       []tls.Certificate{serverCert},
+		ClientAuth:         tls.NoClientCert,
+		InsecureSkipVerify: insecureSkipVerify,
 	}
 
 	return credentials.NewTLS(config), nil
@@ -275,7 +276,7 @@ func loadTLSCredentials(certFile, keyFile string) (credentials.TransportCredenti
 func (c *cb) initGRPC(ctx context.Context) (*grpc.Server, error) {
 	so := c.getGRPCServerOptions()
 	if c.config.GRPCTLSCertFile != "" && c.config.GRPCTLSKeyFile != "" {
-		creds, err := loadTLSCredentials(c.config.GRPCTLSCertFile, c.config.GRPCTLSKeyFile)
+		creds, err := loadTLSCredentials(c.config.GRPCTLSCertFile, c.config.GRPCTLSKeyFile, c.config.GRPCTLSInsecureSkipVerify)
 		if err != nil {
 			return nil, err
 		}