support TLS Insecure connection - added flag --tlsinsecure
mschneider82 committed Jul 25, 2024
1 parent 7b97b33 commit 9c6e160
Showing 4 changed files with 9 additions and 1 deletion.
2 changes: 1 addition & 1 deletion cli/cli.go
@@ -56,7 +56,7 @@ var (

// These are persisted by contexts, as properties thereof.
// So don't include NATS_CONTEXT in this list.
overrideEnvVars = []string{"NATS_URL", "NATS_USER", "NATS_PASSWORD", "NATS_CREDS", "NATS_NKEY", "NATS_CERT", "NATS_KEY", "NATS_CA", "NATS_TIMEOUT", "NATS_SOCKS_PROXY", "NATS_COLOR"}
overrideEnvVars = []string{"NATS_URL", "NATS_USER", "NATS_PASSWORD", "NATS_CREDS", "NATS_NKEY", "NATS_CERT", "NATS_KEY", "NATS_CA", "NATS_TIMEOUT", "NATS_SOCKS_PROXY", "NATS_COLOR", "NATS_TLSINSECURE"}
)

func registerCommand(name string, order int, c func(app commandHost)) {
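Review bot: The comment above `overrideEnvVars` says its entries are persisted by contexts as properties, but none of the four files in this commit adds a context property for the new setting, so `NATS_TLSINSECURE` does not obviously fit that description. How the list is consumed lies outside this hunk; if it decides whether environment values take precedence over a stored context, confirm that this is intended for a switch that turns certificate verification off. If the variable stays in the list, qualify the comment, for example `// NATS_TLSINSECURE is listed here although contexts do not store it.`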
5 changes: 5 additions & 0 deletions cli/util.go
@@ -17,6 +17,7 @@ import (
"bufio"
"bytes"
"context"
"crypto/tls"
"encoding/base64"
"encoding/json"
"errors"
@@ -307,6 +308,10 @@ func natsOpts() []nats.Option {
connectionName = "NATS CLI Version " + Version
}

if opts().TlsInsecure {
copts = append(copts, nats.Secure(&tls.Config{InsecureSkipVerify: true}))
}

return append(copts, []nats.Option{
nats.Name(connectionName),
nats.MaxReconnects(-1),
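Review bot: The new branch in `natsOpts` switches verification off without telling the user: `InsecureSkipVerify: true` disables both the chain check and the host name check, so any credentials the CLI is configured with go to a peer whose identity was never established. A warning on stderr whenever `opts().TlsInsecure` is set, plus a comment such as `// Verification is off: the server is not authenticated; test setups only.`, would make that state visible. The literal also sets no `MinVersion` and so relies on the Go default; `&tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS12}` states the floor explicitly. How this config combines with TLS options already present in `copts` cannot be judged here, because the function starts and ends outside the hunk.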
1 change: 1 addition & 0 deletions nats/main.go
@@ -57,6 +57,7 @@ See 'nats cheat' for a quick cheatsheet of commands`
ncli.Flag("tlskey", "TLS private key").Envar("NATS_KEY").PlaceHolder("FILE").ExistingFileVar(&opts.TlsKey)
ncli.Flag("tlsca", "TLS certificate authority chain").Envar("NATS_CA").PlaceHolder("FILE").ExistingFileVar(&opts.TlsCA)
ncli.Flag("tlsfirst", "Perform TLS handshake before expecting the server greeting").BoolVar(&opts.TlsFirst)
ncli.Flag("tlsinsecure", "Disable TLS Certificate Verification").Envar("NATS_TLSINSECURE").BoolVar(&opts.TlsInsecure)
if runtime.GOOS == "windows" {
ncli.Flag("certstore", "Uses a Windows Certificate Store for TLS (user, machine)").PlaceHolder("TYPE").EnumVar(&opts.WinCertStoreType, "user", "windowscurrentuser", "machine", "windowslocalmachine")
ncli.Flag("certstore-match", "Which certificate to use in the store").PlaceHolder("QUERY").StringVar(&opts.WinCertStoreMatch)
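Review bot: The help text for `tlsinsecure` does not say what the user gives up, and its capitalisation differs from the neighbouring flags (`TLS private key`, `TLS certificate authority chain`). A wording such as `"Disable TLS certificate verification (insecure: the server is not authenticated)"` would match them and state the consequence. Because the flag is also bound to `NATS_TLSINSECURE`, the setting can stay active for every later invocation in the same environment, which deserves a line in the user documentation. The enclosing function starts and ends outside the hunk.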
2 changes: 2 additions & 0 deletions options/options.go
@@ -36,6 +36,8 @@ type Options struct {
TlsKey string
// TlsCA is the certificate authority to verify the connection with
TlsCA string
// TlsInsecure Disable TLS Certificate Verification
TlsInsecure bool
// Timeout is how long to wait for operations
Timeout time.Duration
// ConnectionName is the name to use for the underlying NATS connection
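Review bot: The doc comment on `TlsInsecure` does not follow the sentence form of the fields around it (`TlsCA is the certificate authority ...`) and does not say what is skipped. `// TlsInsecure disables verification of the server certificate and host name` reads like its neighbours and names the effect. The struct continues outside the hunk.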
