Commit Graph

19 Commits

Author SHA1 Message Date
Nelson Elhage 0a2476b20e Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Robert B Gordon 987c078957 Seems like we should actually check the reference count. 2014-06-13 11:25:01 -05:00
Armon Dadgar 06cd40d1e7 consul: fixing use of nil log output. Fixes #203 2014-06-09 11:16:53 -07:00
Armon Dadgar c656bbfbcf Rename shared msgpack handle 2014-06-08 14:02:42 -07:00
Andrew M Bursavich d209517d50 reuse codec.MsgpackHandle 2014-06-07 01:13:38 -07:00
Armon Dadgar 09a988e8d4 consul: Conn pool clean, spare existing streams 2014-05-28 16:55:39 -07:00
Armon Dadgar 319ab05b8c consul: Provide logger to yamux 2014-05-28 16:32:25 -07:00
Armon Dadgar d4a62e7c0d consul: ensure connections are properly closed 2014-05-28 16:32:24 -07:00
Armon Dadgar a79c3d2103 consul: Pool client connections, support for yamux connections 2014-05-28 16:32:24 -07:00
Armon Dadgar 5b18b000f2 consul: Connection pool supports TLS mode 2014-04-07 15:06:59 -07:00
Armon Dadgar ba765b193f consul: ConnPool multiplexes a single connection instead of using multiple 2014-02-05 16:19:05 -08:00
Armon Dadgar e9c0493c9e consul: Make some ConnPool methods private 2014-02-05 15:30:19 -08:00
Armon Dadgar 1b84705cb3 consul: ensure conn pool shutdown is fast 2014-02-05 14:20:18 -08:00
Armon Dadgar ac15ca1139 Better error logging 2013-12-24 12:22:42 -08:00
Armon Dadgar 32c822db1b Adding time based reaping to ConnPool 2013-12-19 15:42:17 -08:00
Armon Dadgar a8a9d2cd45 consul: helper to make RPC calls 2013-12-09 14:58:49 -08:00
Armon Dadgar f7f743dfa9 consul: ConnPool creates RPC client 2013-12-09 14:52:22 -08:00
Armon Dadgar c28ebbf60f consul: Write the byte to set the RPC mode 2013-12-09 14:29:20 -08:00
Armon Dadgar 205941ffcf consul: adding connection pool 2013-12-09 12:09:57 -08:00