fix: dont use custom tls verification logic in connector

infrahq · Mar 26, 2022 · 66e7871 · 66e7871
1 parent d5e34c9
commit 66e7871
Showing 1 changed file with 3 additions and 25 deletions.
diff --git a/internal/connector/connector.go b/internal/connector/connector.go
@@ -348,31 +348,9 @@ func updateRoles(c *api.Client, k *kubernetes.Kubernetes, grants []api.Grant) er
 }
 
 func Run(options Options) error {
-	hostTLSConfig := &tls.Config{MinVersion: tls.VersionTLS12}
-
-	if options.SkipTLSVerify {
-		// TODO (https://github.com/infrahq/infra/issues/174)
-		// Find a way to re-use the built-in TLS verification code vs
-		// this custom code based on the official go TLS example code
-		// which states this is approximately the same.
-		hostTLSConfig.InsecureSkipVerify = true
-		hostTLSConfig.VerifyConnection = func(cs tls.ConnectionState) error {
-			opts := x509.VerifyOptions{
-				DNSName:       cs.ServerName,
-				Intermediates: x509.NewCertPool(),
-			}
-
-			for _, cert := range cs.PeerCertificates[1:] {
-				opts.Intermediates.AddCert(cert)
-			}
-
-			_, err := cs.PeerCertificates[0].Verify(opts)
-			if err != nil {
-				logging.S.Warnf("could not verify Infra TLS certificates: %s", err.Error())
-			}
-
-			return nil
-		}
+	hostTLSConfig := &tls.Config{
+		MinVersion:         tls.VersionTLS12,
+		InsecureSkipVerify: options.SkipTLSVerify,
 	}
 
 	k8s, err := kubernetes.NewKubernetes()