You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2017/10/18 18:27:25 UTC

[GitHub] houshengbo commented on a change in pull request #2864: Add the support of certificate checking for secure mode

houshengbo commented on a change in pull request #2864: Add the support of certificate checking for secure mode
URL: https://github.com/apache/incubator-openwhisk/pull/2864#discussion_r145501655
 
 

 ##########
 File path: tools/cli/go-whisk/whisk/client.go
 ##########
 @@ -94,30 +94,39 @@ var DefaultObfuscateArr = []ObfuscateSet{
 
 func NewClient(httpClient *http.Client, config *Config) (*Client, error) {
 
+    if httpClient == nil {
+        httpClient = http.DefaultClient
+    }
+
     // Disable certificate checking in the dev environment if in insecure mode
+    var tlsConfig *tls.Config
     if config.Insecure {
         Debug(DbgInfo, "Disabling certificate checking.\n")
-        var tlsConfig *tls.Config
+        tlsConfig = &tls.Config{
+            InsecureSkipVerify: true,
+        }
         if config.Cert != "" && config.Key != "" {
-            if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err == nil {
+            if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
                 tlsConfig = &tls.Config{
                     Certificates: []tls.Certificate{cert},
                     InsecureSkipVerify: true,
                 }
             }
-        }else{
-            tlsConfig = &tls.Config{
-                InsecureSkipVerify: true,
-            }
         }
-
-        http.DefaultClient.Transport = &http.Transport{
-            TLSClientConfig: tlsConfig,
+    } else {
+        // Enable certificate checking in the environment for secure mode
+        Debug(DbgInfo, "Enabling certificate checking.\n")
+        if config.Cert != "" && config.Key != "" {
+            if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
+                tlsConfig = &tls.Config{
+                    Certificates: []tls.Certificate{cert},
+                }
+            }
         }
     }
 
-    if httpClient == nil {
-        httpClient = http.DefaultClient
+    httpClient.Transport = &http.Transport{
 
 Review comment:
   Yes, I just changed the PR by adding 
   tlsConfig = &tls.Config {
          InsecureSkipVerify: config.Insecure,
   }
   tlsConfig will hve a default value based on the config.Insecure, no matter cert or key is available.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services