config: remove misleading UseTLS field

This field was documented as enabling TLS for outgoing RPC, but that was not the case.
All this field did was set the use_tls serf tag.

Instead of setting this field in a place far from where it is used, move the logic to where
the serf tag is set, so that the code is much more obvious.

agent/agent.go

@@ -1200,10 +1200,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co
 
 	cfg.TLSConfig = runtimeCfg.ToTLSUtilConfig()
 
-	// Copy the TLS configuration
-	if runtimeCfg.CAPath != "" || runtimeCfg.CAFile != "" {
-		cfg.UseTLS = true
-	}
 	cfg.DefaultQueryTime = runtimeCfg.DefaultQueryTime
 	cfg.MaxQueryTime = runtimeCfg.MaxQueryTime
 

agent/consul/config.go

@@ -160,10 +160,6 @@ type Config struct {
 
 	TLSConfig tlsutil.Config
 
-	// UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul
-	// servers. This doesn't imply any verification, it only enables TLS if possible.
-	UseTLS bool
-
 	// RejoinAfterLeave controls our interaction with Serf.
 	// When set to false (default), a leave causes a Consul to not rejoin
 	// the cluster until an explicit join is received. If this is set to

agent/consul/rpc_test.go

@@ -442,7 +442,6 @@ func TestRPC_TLSHandshakeTimeout(t *testing.T) {
 
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.RPCHandshakeTimeout = 10 * time.Millisecond
-		c.UseTLS = true
 		c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
 		c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
 		c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
@@ -539,7 +538,6 @@ func TestRPC_PreventsTLSNesting(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			dir1, s1 := testServerWithConfig(t, func(c *Config) {
-				c.UseTLS = true
 				c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
 				c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
 				c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
@@ -695,7 +693,6 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) {
 			dir1, s1 := testServerWithConfig(t, func(c *Config) {
 				c.RPCMaxConnsPerClient = 2
 				if tc.tlsEnabled {
-					c.UseTLS = true
 					c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
 					c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
 					c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"

agent/consul/server.go

@@ -327,11 +327,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
 		return nil, err
 	}
 
-	// TODO: this is duplicated in newConsulConfig, do it in only on place
-	if config.TLSConfig.CAFile != "" || config.TLSConfig.CAPath != "" {
-		config.UseTLS = true
-	}
-
 	// Set the primary DC if it wasn't set.
 	if config.PrimaryDatacenter == "" {
 		if config.ACLDatacenter != "" {

agent/consul/server_serf.go

@@ -68,7 +68,7 @@ func (s *Server) setupSerf(conf *serf.Config, ch chan serf.Event, path string, w
 		conf.Tags["nonvoter"] = "1"
 		conf.Tags["read_replica"] = "1"
 	}
-	if s.config.UseTLS {
+	if s.config.TLSConfig.CAPath != "" || s.config.TLSConfig.CAFile != "" {
 		conf.Tags["use_tls"] = "1"
 	}