From a4e246347724a30c647914be90a6bd4f8808bfb4 Mon Sep 17 00:00:00 2001 From: Michael Schurter Date: Mon, 15 May 2017 15:32:32 -0700 Subject: [PATCH] Fix consul.verify_ssl Was getting ignored and would have defaulted to false if it wasn't ignored. Now defaults to true as per docs and isn't ignored. --- nomad/structs/config/consul.go | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/nomad/structs/config/consul.go b/nomad/structs/config/consul.go index 5f7862fdf..17d2218cf 100644 --- a/nomad/structs/config/consul.go +++ b/nomad/structs/config/consul.go @@ -1,8 +1,6 @@ package config import ( - "fmt" - "net/http" "strings" "time" @@ -84,7 +82,7 @@ func DefaultConsulConfig() *ConsulConfig { AutoAdvertise: helper.BoolToPtr(true), ChecksUseAdvertise: helper.BoolToPtr(false), EnableSSL: helper.BoolToPtr(false), - VerifySSL: helper.BoolToPtr(false), + VerifySSL: helper.BoolToPtr(true), ServerAutoJoin: helper.BoolToPtr(true), ClientAutoJoin: helper.BoolToPtr(true), Timeout: 5 * time.Second, @@ -173,22 +171,14 @@ func (c *ConsulConfig) ApiConfig() (*consul.Config, error) { } if c.EnableSSL != nil && *c.EnableSSL { config.Scheme = "https" - tlsConfig := consul.TLSConfig{ + config.TLSConfig = consul.TLSConfig{ Address: config.Address, CAFile: c.CAFile, CertFile: c.CertFile, KeyFile: c.KeyFile, } if c.VerifySSL != nil { - tlsConfig.InsecureSkipVerify = !*c.VerifySSL - } - - tlsClientCfg, err := consul.SetupTLSConfig(&tlsConfig) - if err != nil { - return nil, fmt.Errorf("error creating tls client config for consul: %v", err) - } - config.HttpClient.Transport = &http.Transport{ - TLSClientConfig: tlsClientCfg, + config.TLSConfig.InsecureSkipVerify = !*c.VerifySSL } }