From a4ad6eb31993dd7cbd1dd1a134a7dfc764df6236 Mon Sep 17 00:00:00 2001
From: Pete Wildsmith
Date: Fri, 28 Apr 2017 10:45:09 +0100
Subject: [PATCH] reduce to one configuration option

There should be just one option, verify_https_client, which controls incoming and outgoing validation for the HTTPS wrapper
---
 command/agent/config-test-fixtures/basic.hcl | 3 +--
 command/agent/config_parse.go | 3 +--
 command/agent/http.go | 4 ++--
 nomad/structs/config/tls.go | 15 ++++-----------
 4 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/command/agent/config-test-fixtures/basic.hcl b/command/agent/config-test-fixtures/basic.hcl
index 65c0b874eef7..8d4880a7d27e 100644
--- a/command/agent/config-test-fixtures/basic.hcl
+++ b/command/agent/config-test-fixtures/basic.hcl
@@ -138,6 +138,5 @@ tls {
 ca_file = "foo"
 cert_file = "bar"
 key_file = "pipe"
- verify_incoming = true
- verify_outgoing = true
+ verify_https_client = true
 }
diff --git a/command/agent/config_parse.go b/command/agent/config_parse.go
index da14f6fd12a2..403f5b75b5ca 100644
--- a/command/agent/config_parse.go
+++ b/command/agent/config_parse.go
@@ -689,8 +689,7 @@ func parseTLSConfig(result **config.TLSConfig, list *ast.ObjectList) error {
 "ca_file",
 "cert_file",
 "key_file",
- "verify_incoming",
- "verify_outgoing",
+ "verify_https_client",
 }
 
 if err := checkHCLKeys(listVal, valid); err != nil {
diff --git a/command/agent/http.go b/command/agent/http.go
index 70fef37db460..787f02e662f5 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
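Review bot: The valid-key list in parseTLSConfig drops `verify_incoming` and `verify_outgoing` with no alias, so an existing agent config that still sets either key will presumably be rejected by checkHCLKeys at startup instead of silently losing a verification setting. Failing loudly is the right outcome for a TLS option, but the rename should be paired with a parse test asserting that the two old keys now produce an error, and called out in the upgrade notes so operators do not read the failure as a regression. The body of parseTLSConfig continues outside the hunk.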
@@ -65,8 +65,8 @@ func NewHTTPServer(agent *Agent, config *Config) (*HTTPServer, error) {
 // If TLS is enabled, wrap the listener with a TLS listener
 if config.TLSConfig.EnableHTTP {
 tlsConf := &tlsutil.Config{
- VerifyIncoming: config.TLSConfig.VerifyIncoming,
- VerifyOutgoing: config.TLSConfig.VerifyOutgoing,
+ VerifyIncoming: config.TLSConfig.VerifyHTTPSClient,
+ VerifyOutgoing: config.TLSConfig.VerifyHTTPSClient,
 VerifyServerHostname: config.TLSConfig.VerifyServerHostname,
 CAFile: config.TLSConfig.CAFile,
 CertFile: config.TLSConfig.CertFile,
diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go
index 694400e61cdd..2baa76a07f7f 100644
--- a/nomad/structs/config/tls.go
+++ b/nomad/structs/config/tls.go
@@ -29,11 +29,8 @@ type TLSConfig struct {
 // Must be provided to serve TLS connections.
 KeyFile string `mapstructure:"key_file"`
 
- // VerifyIncoming
- VerifyIncoming bool `mapstructure:"verify_incoming"`
-
- // VerifyOutgoing
- VerifyOutgoing bool `mapstructure:"verify_outgoing"`
+ // Verify connections to the HTTPS API
+ VerifyHTTPSClient bool `mapstructure:"verify_https_client"`
 }
 
 // Merge is used to merge two TLS configs together
@@ -58,12 +55,8 @@ func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
 if b.KeyFile != "" {
 result.KeyFile = b.KeyFile
 }
- if b.VerifyIncoming {
- result.VerifyIncoming = true
- }
- if b.VerifyOutgoing {
- result.VerifyOutgoing = true
+ if b.VerifyHTTPSClient {
+ result.VerifyHTTPSClient = true
 }
-
 return &result
 }
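Review bot: Both `VerifyIncoming` and `VerifyOutgoing` of the tlsutil.Config are now set from the single `VerifyHTTPSClient` flag, but this config only wraps the HTTP listener, so the outgoing setting presumably has no effect here and its presence obscures which of the two actually matters. The security-relevant assignment is `VerifyIncoming`: with the option at its zero value of false, the HTTPS listener will, if tlsutil follows the usual meaning of that field, neither request nor verify client certificates, so TLS provides confidentiality for the API but no authentication of the caller. A comment on the two lines would make that trade-off visible to the next reader, e.g. `// verify_https_client gates client-certificate verification on the API listener (VerifyIncoming); VerifyOutgoing is set from the same option.` NewHTTPServer's body continues outside the hunk on both sides, and the exact semantics of tlsutil.Config are not in this patch, so confirm the wording against that package.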
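Review bot: The new field comment `// Verify connections to the HTTPS API` does not say what is verified or what the default means, which matters for a flag that decides whether API callers are authenticated by certificate. Going by its use in command/agent/http.go, where it feeds both VerifyIncoming and VerifyOutgoing of the TLS wrapper, a fuller doc comment would be: `// VerifyHTTPSClient enables verification of client certificates presented to the HTTPS API (the same value is applied to the wrapper's outgoing verification). It defaults to false, in which case no client certificate is required.` The precise meaning of VerifyIncoming lives in tlsutil, outside this patch, so check it before committing to the wording.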
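Review bot: Merge keeps the one-way semantics of the branches it replaces: a true `VerifyHTTPSClient` in either the receiver or the argument wins, and a later false can never switch verification back off. That is the fail-secure direction for a TLS option, but it is stated nowhere, and an operator merging a base config with a per-host override may expect the override to be authoritative. A short comment above the new branch, `// verify_https_client is sticky: once enabled by any merged config it stays enabled`, records the intent for future changes to Merge. The removed blank line before `return &result` is a harmless whitespace change; Merge's body starts outside the hunk.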