Configuration - Fixed tls_skip_verify

This commit is contained in:
Emmanuel BENOîT 2021-12-05 17:21:52 +01:00
parent 29ab0fd8f0
commit dad5a17d36
2 changed files with 7 additions and 4 deletions

View file

@ -30,7 +30,7 @@ type (
tLdapConnectionConfig struct { tLdapConnectionConfig struct {
Port uint16 `yaml:"port"` Port uint16 `yaml:"port"`
TLS string `yaml:"tls"` TLS string `yaml:"tls"`
TLSNoVerify bool `yaml:"tls_skip_verify"` TLSNoVerify *bool `yaml:"tls_skip_verify"`
CaChain string `yaml:"ca_chain"` CaChain string `yaml:"ca_chain"`
BindUser string `yaml:"bind_user"` BindUser string `yaml:"bind_user"`
BindPassword string `yaml:"bind_password"` BindPassword string `yaml:"bind_password"`
@ -168,7 +168,9 @@ func (c *tLdapServerConfig) ApplyDefaults(dft tLdapConnectionConfig) {
if c.TLS == "" { if c.TLS == "" {
c.TLS = dft.TLS c.TLS = dft.TLS
} }
// FIXME: I have no clue how I should handle TLSNoVerify if c.TLSNoVerify == nil {
c.TLSNoVerify = dft.TLSNoVerify
}
if c.CaChain == "" { if c.CaChain == "" {
c.CaChain = dft.CaChain c.CaChain = dft.CaChain
} }

View file

@ -62,8 +62,9 @@ func getLdapServerConnection(cfg tLdapConfig, server int) *tLdapConn {
}) })
log.Trace("Establishing LDAP connection") log.Trace("Establishing LDAP connection")
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{}
InsecureSkipVerify: scfg.TLSNoVerify, if scfg.TLSNoVerify != nil {
tlsConfig.InsecureSkipVerify = *scfg.TLSNoVerify
} }
if scfg.TLS != "no" && scfg.CaChain != "" { if scfg.TLS != "no" && scfg.CaChain != "" {
log := log.WithField("cachain", scfg.CaChain) log := log.WithField("cachain", scfg.CaChain)