You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2017/10/18 18:27:25 UTC
[GitHub] houshengbo commented on a change in pull request #2864: Add the support of certificate checking for secure mode
houshengbo commented on a change in pull request #2864: Add the support of certificate checking for secure mode
URL: https://github.com/apache/incubator-openwhisk/pull/2864#discussion_r145501655
##########
File path: tools/cli/go-whisk/whisk/client.go
##########
@@ -94,30 +94,39 @@ var DefaultObfuscateArr = []ObfuscateSet{
func NewClient(httpClient *http.Client, config *Config) (*Client, error) {
+ if httpClient == nil {
+ httpClient = http.DefaultClient
+ }
+
// Disable certificate checking in the dev environment if in insecure mode
+ var tlsConfig *tls.Config
if config.Insecure {
Debug(DbgInfo, "Disabling certificate checking.\n")
- var tlsConfig *tls.Config
+ tlsConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
if config.Cert != "" && config.Key != "" {
- if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err == nil {
+ if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
InsecureSkipVerify: true,
}
}
- }else{
- tlsConfig = &tls.Config{
- InsecureSkipVerify: true,
- }
}
-
- http.DefaultClient.Transport = &http.Transport{
- TLSClientConfig: tlsConfig,
+ } else {
+ // Enable certificate checking in the environment for secure mode
+ Debug(DbgInfo, "Enabling certificate checking.\n")
+ if config.Cert != "" && config.Key != "" {
+ if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
+ tlsConfig = &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ }
+ }
}
}
- if httpClient == nil {
- httpClient = http.DefaultClient
+ httpClient.Transport = &http.Transport{
Review comment:
Yes, I just changed the PR by adding
tlsConfig = &tls.Config {
InsecureSkipVerify: config.Insecure,
}
tlsConfig will hve a default value based on the config.Insecure, no matter cert or key is available.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services