tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
This commit is contained in:
parent
2bfdd8ceed
commit
6de514fbd1
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
checks: fixes the default ServerName used with TLS health checks.
|
||||||
|
```
|
|
@ -720,10 +720,6 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config {
|
||||||
func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
|
func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
|
||||||
c.log("OutgoingTLSConfigForCheck")
|
c.log("OutgoingTLSConfigForCheck")
|
||||||
|
|
||||||
if serverName == "" {
|
|
||||||
serverName = c.serverNameOrNodeName()
|
|
||||||
}
|
|
||||||
|
|
||||||
if !c.enableAgentTLSForChecks() {
|
if !c.enableAgentTLSForChecks() {
|
||||||
return &tls.Config{
|
return &tls.Config{
|
||||||
InsecureSkipVerify: skipVerify,
|
InsecureSkipVerify: skipVerify,
|
||||||
|
@ -731,6 +727,9 @@ func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName str
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if serverName == "" {
|
||||||
|
serverName = c.serverNameOrNodeName()
|
||||||
|
}
|
||||||
config := c.commonTLSConfig(false)
|
config := c.commonTLSConfig(false)
|
||||||
config.InsecureSkipVerify = skipVerify
|
config.InsecureSkipVerify = skipVerify
|
||||||
config.ServerName = serverName
|
config.ServerName = serverName
|
||||||
|
|
|
@ -948,6 +948,34 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
|
||||||
skipVerify: true,
|
skipVerify: true,
|
||||||
expected: &tls.Config{InsecureSkipVerify: true},
|
expected: &tls.Config{InsecureSkipVerify: true},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "default tls, skip verify, default server name",
|
||||||
|
conf: func() (*Configurator, error) {
|
||||||
|
return NewConfigurator(Config{
|
||||||
|
TLSMinVersion: "tls12",
|
||||||
|
EnableAgentTLSForChecks: false,
|
||||||
|
ServerName: "servername",
|
||||||
|
}, nil)
|
||||||
|
},
|
||||||
|
skipVerify: true,
|
||||||
|
expected: &tls.Config{InsecureSkipVerify: true},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "default tls, skip verify, check server name",
|
||||||
|
conf: func() (*Configurator, error) {
|
||||||
|
return NewConfigurator(Config{
|
||||||
|
TLSMinVersion: "tls12",
|
||||||
|
EnableAgentTLSForChecks: false,
|
||||||
|
ServerName: "servername",
|
||||||
|
}, nil)
|
||||||
|
},
|
||||||
|
skipVerify: true,
|
||||||
|
serverName: "check-server-name",
|
||||||
|
expected: &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
ServerName: "check-server-name",
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "agent tls, skip verify, default server name",
|
name: "agent tls, skip verify, default server name",
|
||||||
conf: func() (*Configurator, error) {
|
conf: func() (*Configurator, error) {
|
||||||
|
|
Loading…
Reference in New Issue