tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
This commit is contained in:
parent
2bfdd8ceed
commit
6de514fbd1
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
checks: fixes the default ServerName used with TLS health checks.
|
||||
```
|
|
@ -720,10 +720,6 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config {
|
|||
func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
|
||||
c.log("OutgoingTLSConfigForCheck")
|
||||
|
||||
if serverName == "" {
|
||||
serverName = c.serverNameOrNodeName()
|
||||
}
|
||||
|
||||
if !c.enableAgentTLSForChecks() {
|
||||
return &tls.Config{
|
||||
InsecureSkipVerify: skipVerify,
|
||||
|
@ -731,6 +727,9 @@ func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName str
|
|||
}
|
||||
}
|
||||
|
||||
if serverName == "" {
|
||||
serverName = c.serverNameOrNodeName()
|
||||
}
|
||||
config := c.commonTLSConfig(false)
|
||||
config.InsecureSkipVerify = skipVerify
|
||||
config.ServerName = serverName
|
||||
|
|
|
@ -948,6 +948,34 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
|
|||
skipVerify: true,
|
||||
expected: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
{
|
||||
name: "default tls, skip verify, default server name",
|
||||
conf: func() (*Configurator, error) {
|
||||
return NewConfigurator(Config{
|
||||
TLSMinVersion: "tls12",
|
||||
EnableAgentTLSForChecks: false,
|
||||
ServerName: "servername",
|
||||
}, nil)
|
||||
},
|
||||
skipVerify: true,
|
||||
expected: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
{
|
||||
name: "default tls, skip verify, check server name",
|
||||
conf: func() (*Configurator, error) {
|
||||
return NewConfigurator(Config{
|
||||
TLSMinVersion: "tls12",
|
||||
EnableAgentTLSForChecks: false,
|
||||
ServerName: "servername",
|
||||
}, nil)
|
||||
},
|
||||
skipVerify: true,
|
||||
serverName: "check-server-name",
|
||||
expected: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
ServerName: "check-server-name",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "agent tls, skip verify, default server name",
|
||||
conf: func() (*Configurator, error) {
|
||||
|
|
Loading…
Reference in New Issue