From 9c6e160d1b21f72b25d68cb71afd9b12e3e4f0ab Mon Sep 17 00:00:00 2001
From: Matthias Schneider
Date: Thu, 25 Jul 2024 09:20:13 +0200
Subject: [PATCH] support TLS Insecure connection - added flag --tlsinsecure
---
 cli/cli.go | 2 +-
 cli/util.go | 5 +++++
 nats/main.go | 1 +
 options/options.go | 2 ++
 4 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/cli/cli.go b/cli/cli.go
index 12d420d4..a1ec95de 100644
--- a/cli/cli.go
+++ b/cli/cli.go
@@ -56,7 +56,7 @@ var (
 
 // These are persisted by contexts, as properties thereof.
 // So don't include NATS_CONTEXT in this list.
- overrideEnvVars = []string{"NATS_URL", "NATS_USER", "NATS_PASSWORD", "NATS_CREDS", "NATS_NKEY", "NATS_CERT", "NATS_KEY", "NATS_CA", "NATS_TIMEOUT", "NATS_SOCKS_PROXY", "NATS_COLOR"}
+ overrideEnvVars = []string{"NATS_URL", "NATS_USER", "NATS_PASSWORD", "NATS_CREDS", "NATS_NKEY", "NATS_CERT", "NATS_KEY", "NATS_CA", "NATS_TIMEOUT", "NATS_SOCKS_PROXY", "NATS_COLOR", "NATS_TLSINSECURE"}
 )
 
 func registerCommand(name string, order int, c func(app commandHost)) {
diff --git a/cli/util.go b/cli/util.go
index 9634c4cb..63b0d8c1 100644
--- a/cli/util.go
+++ b/cli/util.go
@@ -17,6 +17,7 @@ import (
 "bufio"
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/base64"
 "encoding/json"
 "errors"
@@ -307,6 +308,10 @@ func natsOpts() []nats.Option {
 connectionName = "NATS CLI Version " + Version
 }
 
+ if opts().TlsInsecure {
+ copts = append(copts, nats.Secure(&tls.Config{InsecureSkipVerify: true}))
+ }
+
 return append(copts, []nats.Option{
 nats.Name(connectionName),
 nats.MaxReconnects(-1),
diff --git a/nats/main.go b/nats/main.go
index f961702f..ebd7b057 100644
--- a/nats/main.go
+++ b/nats/main.go
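Review bot: In cli/cli.go, the comment above `overrideEnvVars` says every entry is persisted by contexts as a property, but `NATS_TLSINSECURE` is added to the list while none of the four files in this patch adds a matching context property. Either add the context field so a saved context records that verification is off, or extend the comment, for example `// NATS_TLSINSECURE is an override only and is not stored in contexts.` How the list is consumed lies outside the hunk, so the effect on context loading should be confirmed.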
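Review bot: In cli/util.go natsOpts, `nats.Secure(&tls.Config{InsecureSkipVerify: true})` hands the client a brand-new TLS config with no minimum protocol version, and nothing tells the user that the server identity is no longer checked. If earlier entries in `copts` carry the client certificate or CA from --tlscert/--tlsca, a replaced config may drop them depending on how the library merges options; that construction is outside the hunk, so a test combining the flags is worth adding. I would pin the version with `nats.Secure(&tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: true})` and print a one-line warning to stderr whenever the option is active, because credentials sent over an unverified connection can be intercepted. The function body starts and ends outside the hunk.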
@@ -57,6 +57,7 @@ See 'nats cheat' for a quick cheatsheet of commands`
 ncli.Flag("tlskey", "TLS private key").Envar("NATS_KEY").PlaceHolder("FILE").ExistingFileVar(&opts.TlsKey)
 ncli.Flag("tlsca", "TLS certificate authority chain").Envar("NATS_CA").PlaceHolder("FILE").ExistingFileVar(&opts.TlsCA)
 ncli.Flag("tlsfirst", "Perform TLS handshake before expecting the server greeting").BoolVar(&opts.TlsFirst)
+ ncli.Flag("tlsinsecure", "Disable TLS Certificate Verification").Envar("NATS_TLSINSECURE").BoolVar(&opts.TlsInsecure)
 if runtime.GOOS == "windows" {
 ncli.Flag("certstore", "Uses a Windows Certificate Store for TLS (user, machine)").PlaceHolder("TYPE").EnumVar(&opts.WinCertStoreType, "user", "windowscurrentuser", "machine", "windowslocalmachine")
 ncli.Flag("certstore-match", "Which certificate to use in the store").PlaceHolder("QUERY").StringVar(&opts.WinCertStoreMatch)
diff --git a/options/options.go b/options/options.go
index 867306c6..6a8b1b9d 100644
--- a/options/options.go
+++ b/options/options.go
@@ -36,6 +36,8 @@ type Options struct {
 TlsKey string
 // TlsCA is the certificate authority to verify the connection with
 TlsCA string
+ // TlsInsecure Disable TLS Certificate Verification
+ TlsInsecure bool
 // Timeout is how long to wait for operations
 Timeout time.Duration
 // ConnectionName is the name to use for the underlying NATS connection
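Review bot: In nats/main.go the `tlsinsecure` flag is bound to `NATS_TLSINSECURE`, so a single exported variable in a shell profile or CI job turns off certificate verification for every later invocation without anything appearing on the command line. Consider dropping the `Envar` binding so the choice is explicit per run, and make the help text state the consequence, e.g. `"Disable TLS certificate verification (insecure, for testing only)"`. The enclosing function starts and ends outside the hunk.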
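Review bot: In options/options.go the new field comment `// TlsInsecure Disable TLS Certificate Verification` does not follow the sentence form of the neighbouring comments (`TlsCA is ...`, `Timeout is ...`) and does not say what protection is lost. Suggested wording: `// TlsInsecure disables verification of the server certificate chain and host name; connections are then open to interception`. The struct continues outside the hunk.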