Config parameter "tls_disable_client_certs" is wrongly evaluated. #4049

bharath-b23 · 2018-02-28T14:26:11Z

Config parameter "tls_disable_client_certs" is evaluated wrongly, i.e. irrespective of the value set the action taken is that of when set to true.

LD_FLAGS can be used as environment variable

Merge latest changes to master

jefferai · 2018-02-28T14:43:43Z

command/server/listener.go

+		if disableClientCerts {
+			tlsConf.ClientAuth = tls.NoClientCert
+		}
+		if !disableClientCerts {


This if section shouldn't be here. Only the first is needed.

If "tls_disable_client_certs" is set to false, then if client provides a certificate shouldn't it be validated.

Sorry I overlooked the default value set.

…ts is set to true.

jefferai · 2018-02-28T15:07:16Z

Thanks!

bharath-b23 added 9 commits September 22, 2017 19:03

Update Makefile

0b4a74d

Update build.sh

4325f41

Reverted back strip vault binary changes

8d8b74f

Update build.sh - Add comment for the changes made

a3d3005

Merge branch 'master' into master

619483a

Merge branch 'master' into master

c5891ac

Remove VAULT_STRIP_BINARIES check

82f1694

LD_FLAGS can be used as environment variable

Update listener.go

e76f498

Merge pull request #1 from hashicorp/master

c62eaae

Merge latest changes to master

jefferai reviewed Feb 28, 2018

View reviewed changes

jefferai added this to the 0.9.6 milestone Feb 28, 2018

Set TLS Client Auth to NoClientCert, only when tls_disable_client_cer…

38c7163

…ts is set to true.

jefferai approved these changes Feb 28, 2018

View reviewed changes

jefferai merged commit 0652461 into hashicorp:master Feb 28, 2018

Provide feedback