Remove TLSSkipVerify from server

2026-02-11 18:16:24 +05:00 · 2018-10-17 02:31:17 -04:00
parent 348221b28c
commit 56cdf80db8
6 changed files with 10 additions and 21 deletions
--- a/cmd/cgr-engine/cgr-engine.go
+++ b/cmd/cgr-engine/cgr-engine.go
@@ -1142,7 +1142,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 				cfg.RPCGOBTLSListen,
 				cfg.TLSServerCerificate,
 				cfg.TLSServerKey,
-				cfg.TLSSkipVerify,
 			)
 		}
 	}
@@ -1154,7 +1153,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 				cfg.RPCJSONTLSListen,
 				cfg.TLSServerCerificate,
 				cfg.TLSServerKey,
-				cfg.TLSSkipVerify,
 			)
 		}
 	}
@@ -1166,7 +1164,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 				cfg.HTTPTLSListen,
 				cfg.TLSServerCerificate,
 				cfg.TLSServerKey,
-				cfg.TLSSkipVerify,
 				cfg.HTTPJsonRPCURL,
 				cfg.HTTPWSURL,
 				cfg.HTTPUseBasicAuth,
--- a/config/config.go
+++ b/config/config.go
@@ -265,7 +265,6 @@ type CGRConfig struct {
 	TLSServerKey             string            // path to server key
 	TLSClientCerificate      string            // path to client certificate
 	TLSClientKey             string            // path to client key
-	TLSSkipVerify            bool              // skip verification
 	HTTPJsonRPCURL           string            // JSON RPC relative URL ("" to disable)
 	HTTPFreeswitchCDRsURL    string            // Freeswitch CDRS relative URL ("" to disable)
 	HTTPCDRsURL              string            // CDRS relative URL ("" to disable)
@@ -919,9 +918,6 @@ func (self *CGRConfig) loadFromJsonCfg(jsnCfg *CgrJsonCfg) (err error) {
 		if jsnListenCfg.Tls_client_key != nil && *jsnListenCfg.Tls_client_key != "" {
 			self.TLSClientKey = *jsnListenCfg.Tls_client_key
 		}
-		if jsnListenCfg.Tls_skip_verify != nil {
-			self.TLSSkipVerify = *jsnListenCfg.Tls_skip_verify
-		}
 	}

 	if jsnHttpCfg != nil {
--- a/config/config_defaults.go
+++ b/config/config_defaults.go
@@ -89,7 +89,6 @@ const CGRATES_CFG_JSON = `
 	"tls_server_key":"",					// path to server key
 	"tls_client_certificate" : "",			// path to client certificate(must conatin client.crt + ca.crt)
 	"tls_client_key":"",					// path to client key
-	"tls_skip_verify":false,				// skip tls verification
 },


--- a/config/config_json_test.go
+++ b/config/config_json_test.go
@@ -180,7 +180,6 @@ func TestDfListenJsonCfg(t *testing.T) {
 		Tls_server_key:         utils.StringPointer(""),
 		Tls_client_certificate: utils.StringPointer(""),
 		Tls_client_key:         utils.StringPointer(""),
-		Tls_skip_verify:        utils.BoolPointer(false),
 	}
 	if cfg, err := dfCgrJsonCfg.ListenJsonCfg(); err != nil {
 		t.Error(err)
--- a/config/libconfig_json.go
+++ b/config/libconfig_json.go
@@ -56,7 +56,6 @@ type ListenJsonCfg struct {
 	Tls_server_key         *string
 	Tls_client_certificate *string
 	Tls_client_key         *string
-	Tls_skip_verify        *bool
 }

 // HTTP config section
--- a/utils/server.go
+++ b/utils/server.go
@@ -291,7 +291,7 @@ func (r *rpcRequest) Call() io.Reader {
 	return r.rw
 }

-func loadTLSConfig(serverCrt, serverKey string, skipVerify bool) (config tls.Config, err error) {
+func loadTLSConfig(serverCrt, serverKey string) (config tls.Config, err error) {
 	cert, err := tls.LoadX509KeyPair(serverCrt, serverKey)
 	if err != nil {
 		log.Fatalf("Error: %s when load server keys", err)
@@ -306,23 +306,22 @@ func loadTLSConfig(serverCrt, serverKey string, skipVerify bool) (config tls.Con
 	certPool := x509.NewCertPool()
 	certPool.AddCert(ca)
 	config = tls.Config{
-		Certificates:       []tls.Certificate{cert},
-		ClientAuth:         tls.RequireAndVerifyClientCert,
-		ClientCAs:          certPool,
-		InsecureSkipVerify: skipVerify,
+		Certificates: []tls.Certificate{cert},
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ClientCAs:    certPool,
 	}
 	config.Rand = rand.Reader
 	return
 }

-func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string, skipVerify bool) {
+func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string) {
 	s.RLock()
 	enabled := s.rpcEnabled
 	s.RUnlock()
 	if !enabled {
 		return
 	}
-	config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+	config, err := loadTLSConfig(serverCrt, serverKey)
 	if err != nil {
 		return
 	}
@@ -355,14 +354,14 @@ func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string, skipVerify bool)
 	}
 }

-func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string, skipVerify bool) {
+func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string) {
 	s.RLock()
 	enabled := s.rpcEnabled
 	s.RUnlock()
 	if !enabled {
 		return
 	}
-	config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+	config, err := loadTLSConfig(serverCrt, serverKey)
 	if err != nil {
 		return
 	}
@@ -393,7 +392,7 @@ func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string, skipVerify bool
 	}
 }

-func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, skipVerify bool, jsonRPCURL string, wsRPCURL string,
+func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, jsonRPCURL string, wsRPCURL string,
 	useBasicAuth bool, userList map[string]string) {
 	s.RLock()
 	enabled := s.rpcEnabled
@@ -435,7 +434,7 @@ func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, skipVerify bool
 	if useBasicAuth {
 		Logger.Info("<HTTPTLS> enabling basic auth")
 	}
-	config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+	config, err := loadTLSConfig(serverCrt, serverKey)
 	if err != nil {
 		return
 	}