Fix consul.verify_ssl

Was getting ignored and would have defaulted to false if it wasn't ignored. Now defaults to true as per docs and isn't ignored.
2017-05-15 15:32:32 -07:00 · 2017-05-15 15:32:32 -07:00 · a4e2463477
parent 5fd438661d
commit a4e2463477
1 changed files with 3 additions and 13 deletions
--- a/nomad/structs/config/consul.go
+++ b/nomad/structs/config/consul.go
@ -1,8 +1,6 @@
 package config

 import (
-	"fmt"
-	"net/http"
 	"strings"
 	"time"

@ -84,7 +82,7 @@ func DefaultConsulConfig() *ConsulConfig {
 		AutoAdvertise:      helper.BoolToPtr(true),
 		ChecksUseAdvertise: helper.BoolToPtr(false),
 		EnableSSL:          helper.BoolToPtr(false),
-		VerifySSL:          helper.BoolToPtr(false),
+		VerifySSL:          helper.BoolToPtr(true),
 		ServerAutoJoin:     helper.BoolToPtr(true),
 		ClientAutoJoin:     helper.BoolToPtr(true),
 		Timeout:            5 * time.Second,
@ -173,22 +171,14 @@ func (c *ConsulConfig) ApiConfig() (*consul.Config, error) {
 	}
 	if c.EnableSSL != nil && *c.EnableSSL {
 		config.Scheme = "https"
-		tlsConfig := consul.TLSConfig{
+		config.TLSConfig = consul.TLSConfig{
 			Address:  config.Address,
 			CAFile:   c.CAFile,
 			CertFile: c.CertFile,
 			KeyFile:  c.KeyFile,
 		}
 		if c.VerifySSL != nil {
-			tlsConfig.InsecureSkipVerify = !*c.VerifySSL
-		}
-
-		tlsClientCfg, err := consul.SetupTLSConfig(&tlsConfig)
-		if err != nil {
-			return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
-		}
-		config.HttpClient.Transport = &http.Transport{
-			TLSClientConfig: tlsClientCfg,
+			config.TLSConfig.InsecureSkipVerify = !*c.VerifySSL
 		}
 	}