reduce to one configuration option

There should be just one option, verify_https_client, which controls incoming and outgoing validation for the HTTPS wrapper
hashicorp · Apr 28, 2017 · a4ad6eb · a4ad6eb
1 parent 6ca0575
commit a4ad6eb
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 17 deletions.
diff --git a/command/agent/config-test-fixtures/basic.hcl b/command/agent/config-test-fixtures/basic.hcl
@@ -138,6 +138,5 @@ tls {
     ca_file = "foo"
     cert_file = "bar"
     key_file = "pipe"
-    verify_incoming = true
-    verify_outgoing = true
+    verify_https_client = true
 }
diff --git a/command/agent/config_parse.go b/command/agent/config_parse.go
@@ -689,8 +689,7 @@ func parseTLSConfig(result **config.TLSConfig, list *ast.ObjectList) error {
 		"ca_file",
 		"cert_file",
 		"key_file",
-		"verify_incoming",
-		"verify_outgoing",
+		"verify_https_client",
 	}
 
 	if err := checkHCLKeys(listVal, valid); err != nil {

diff --git a/command/agent/http.go b/command/agent/http.go
@@ -65,8 +65,8 @@ func NewHTTPServer(agent *Agent, config *Config) (*HTTPServer, error) {
 	// If TLS is enabled, wrap the listener with a TLS listener
 	if config.TLSConfig.EnableHTTP {
 		tlsConf := &tlsutil.Config{
-			VerifyIncoming:       config.TLSConfig.VerifyIncoming,
-			VerifyOutgoing:       config.TLSConfig.VerifyOutgoing,
+			VerifyIncoming:       config.TLSConfig.VerifyHTTPSClient,
+			VerifyOutgoing:       config.TLSConfig.VerifyHTTPSClient,
 			VerifyServerHostname: config.TLSConfig.VerifyServerHostname,
 			CAFile:               config.TLSConfig.CAFile,
 			CertFile:             config.TLSConfig.CertFile,

diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go
@@ -29,11 +29,8 @@ type TLSConfig struct {
 	// Must be provided to serve TLS connections.
 	KeyFile string `mapstructure:"key_file"`
 
-	// VerifyIncoming
-	VerifyIncoming bool `mapstructure:"verify_incoming"`
-
-	// VerifyOutgoing
-	VerifyOutgoing bool `mapstructure:"verify_outgoing"`
+	// Verify connections to the HTTPS API
+	VerifyHTTPSClient bool `mapstructure:"verify_https_client"`
 }
 
 // Merge is used to merge two TLS configs together
@@ -58,12 +55,8 @@ func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
 	if b.KeyFile != "" {
 		result.KeyFile = b.KeyFile
 	}
-	if b.VerifyIncoming {
-		result.VerifyIncoming = true
-	}
-	if b.VerifyOutgoing {
-		result.VerifyOutgoing = true
+	if b.VerifyHTTPSClient {
+		result.VerifyHTTPSClient = true
 	}
-
 	return &result
 }