diff --git a/cmd/cgr-engine/cgr-engine.go b/cmd/cgr-engine/cgr-engine.go
index f7ab5ec91..665f1f708 100644
--- a/cmd/cgr-engine/cgr-engine.go
+++ b/cmd/cgr-engine/cgr-engine.go
@@ -1142,7 +1142,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 cfg.RPCGOBTLSListen,
 cfg.TLSServerCerificate,
 cfg.TLSServerKey,
- cfg.TLSSkipVerify,
 )
 }
 }
@@ -1154,7 +1153,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 cfg.RPCJSONTLSListen,
 cfg.TLSServerCerificate,
 cfg.TLSServerKey,
- cfg.TLSSkipVerify,
 )
 }
 }
@@ -1166,7 +1164,6 @@ func startRpc(server *utils.Server, internalRaterChan,
 cfg.HTTPTLSListen,
 cfg.TLSServerCerificate,
 cfg.TLSServerKey,
- cfg.TLSSkipVerify,
 cfg.HTTPJsonRPCURL,
 cfg.HTTPWSURL,
 cfg.HTTPUseBasicAuth,
diff --git a/config/config.go b/config/config.go
index ef8cef31c..96165c153 100755
--- a/config/config.go
+++ b/config/config.go
@@ -265,7 +265,6 @@ type CGRConfig struct {
 TLSServerKey string // path to server key
 TLSClientCerificate string // path to client certificate
 TLSClientKey string // path to client key
- TLSSkipVerify bool // skip verification
 HTTPJsonRPCURL string // JSON RPC relative URL ("" to disable)
 HTTPFreeswitchCDRsURL string // Freeswitch CDRS relative URL ("" to disable)
 HTTPCDRsURL string // CDRS relative URL ("" to disable)
@@ -919,9 +918,6 @@ func (self *CGRConfig) loadFromJsonCfg(jsnCfg *CgrJsonCfg) (err error) {
 if jsnListenCfg.Tls_client_key != nil && *jsnListenCfg.Tls_client_key != "" {
 self.TLSClientKey = *jsnListenCfg.Tls_client_key
 }
- if jsnListenCfg.Tls_skip_verify != nil {
- self.TLSSkipVerify = *jsnListenCfg.Tls_skip_verify
- }
 }
 if jsnHttpCfg != nil {
diff --git a/config/config_defaults.go b/config/config_defaults.go
index a236bcac6..1f687d59a 100755
--- a/config/config_defaults.go
+++ b/config/config_defaults.go
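Review bot: With the `Tls_skip_verify` branch gone from loadFromJsonCfg in config/config.go (and the field removed from `ListenJsonCfg` in config/libconfig_json.go), a `tls_skip_verify` key left in an already deployed config file has no field to land in, and nothing visible here says whether the loader rejects it or silently ignores it. An upgrade note stating that the key is removed, and that the TLS listeners always require and verify client certificates, would keep operators from assuming the old setting still applies. loadFromJsonCfg begins and ends outside the hunk.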
@@ -89,7 +89,6 @@ const CGRATES_CFG_JSON = `
 "tls_server_key":"", // path to server key
 "tls_client_certificate" : "", // path to client certificate(must conatin client.crt + ca.crt)
 "tls_client_key":"", // path to client key
- "tls_skip_verify":false, // skip tls verification
 },
diff --git a/config/config_json_test.go b/config/config_json_test.go
index 3e3a3929c..bf09494af 100755
--- a/config/config_json_test.go
+++ b/config/config_json_test.go
@@ -180,7 +180,6 @@ func TestDfListenJsonCfg(t *testing.T) {
 Tls_server_key: utils.StringPointer(""),
 Tls_client_certificate: utils.StringPointer(""),
 Tls_client_key: utils.StringPointer(""),
- Tls_skip_verify: utils.BoolPointer(false),
 }
 if cfg, err := dfCgrJsonCfg.ListenJsonCfg(); err != nil {
 t.Error(err)
diff --git a/config/libconfig_json.go b/config/libconfig_json.go
index 495b08920..f2887a4eb 100755
--- a/config/libconfig_json.go
+++ b/config/libconfig_json.go
@@ -56,7 +56,6 @@ type ListenJsonCfg struct {
 Tls_server_key *string
 Tls_client_certificate *string
 Tls_client_key *string
- Tls_skip_verify *bool
 }
 // HTTP config section
diff --git a/utils/server.go b/utils/server.go
index c86da53c5..bbafb29fc 100644
--- a/utils/server.go
+++ b/utils/server.go
@@ -291,7 +291,7 @@ func (r *rpcRequest) Call() io.Reader {
 return r.rw
 }
-func loadTLSConfig(serverCrt, serverKey string, skipVerify bool) (config tls.Config, err error) {
+func loadTLSConfig(serverCrt, serverKey string) (config tls.Config, err error) {
 cert, err := tls.LoadX509KeyPair(serverCrt, serverKey)
 if err != nil {
 log.Fatalf("Error: %s when load server keys", err)
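Review bot: loadTLSConfig declares an `err` result, yet the key-pair failure path shown in this hunk calls `log.Fatalf`, so that error never reaches a caller, while the call sites in ServeGOBTLS, ServeJSONTLS and ServeHTTPTLS (later hunks) answer any returned error with a bare `if err != nil { return }` and log nothing. A TLS listener that fails to come up for one of the returned errors therefore disappears without a trace, which is easy to miss if plaintext listeners are also configured. I would settle on one policy: return the error here (`return config, err`) and log it at each call site before returning. The function body continues past the end of this hunk.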
@@ -306,23 +306,22 @@ func loadTLSConfig(serverCrt, serverKey string, skipVerify bool) (config tls.Con
 certPool := x509.NewCertPool()
 certPool.AddCert(ca)
 config = tls.Config{
- Certificates: []tls.Certificate{cert},
- ClientAuth: tls.RequireAndVerifyClientCert,
- ClientCAs: certPool,
- InsecureSkipVerify: skipVerify,
+ Certificates: []tls.Certificate{cert},
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ ClientCAs: certPool,
 }
 config.Rand = rand.Reader
 return
 }
-func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string, skipVerify bool) {
+func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string) {
 s.RLock()
 enabled := s.rpcEnabled
 s.RUnlock()
 if !enabled {
 return
 }
- config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+ config, err := loadTLSConfig(serverCrt, serverKey)
 if err != nil {
 return
 }
@@ -355,14 +354,14 @@ func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string, skipVerify bool)
 }
 }
-func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string, skipVerify bool) {
+func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string) {
 s.RLock()
 enabled := s.rpcEnabled
 s.RUnlock()
 if !enabled {
 return
 }
- config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+ config, err := loadTLSConfig(serverCrt, serverKey)
 if err != nil {
 return
 }
@@ -393,7 +392,7 @@ func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string, skipVerify bool
 }
 }
-func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, skipVerify bool, jsonRPCURL string, wsRPCURL string,
+func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, jsonRPCURL string, wsRPCURL string,
 useBasicAuth bool, userList map[string]string) {
 s.RLock()
 enabled := s.rpcEnabled
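Review bot: The `tls.Config` literal in loadTLSConfig sets no `MinVersion`, so the lowest protocol version these mutual-TLS listeners accept is whatever the Go toolchain defaults to, which on older Go releases still includes TLS 1.0 and 1.1 for servers. Adding `MinVersion: tls.VersionTLS12,` next to `ClientAuth` pins the floor explicitly, independent of the compiler used for the build. `config.Rand = rand.Reader` is probably redundant if `rand` is crypto/rand, since a nil Rand already selects it; the import is not visible here. The function starts above this hunk.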
@@ -435,7 +434,7 @@ func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, skipVerify bool
 if useBasicAuth {
 Logger.Info(" enabling basic auth")
 }
- config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
+ config, err := loadTLSConfig(serverCrt, serverKey)
 if err != nil {
 return
 }