Add support to skip TLS verification

Follow up from open-telemetry#933 where InsecureSkipVerify was discussed but not implemented.
bombsimon · Nov 23, 2020 · 15c9331 · 15c9331
1 parent cc0a999
commit 15c9331
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/config/configtls/configtls.go b/config/configtls/configtls.go
@@ -50,10 +50,9 @@ type TLSClientSetting struct {
 	// (InsecureSkipVerify in the tls Config). Please refer to
 	// https://godoc.org/crypto/tls#Config for more information.
 	// (optional, default false)
-	// TODO(ccaraman): With further research InsecureSkipVerify is a valid option
-	// for gRPC connections. Add that ability to the TLSClientSettings in a subsequent
-	// pr.
 	Insecure bool `mapstructure:"insecure"`
+	// InsecureSkipVerify will enable TLS but not verify the certificate.
+	InsecureSkipVerify bool `mapstructure:"insecure_skip_verify"`
 	// ServerName requested by client for virtual hosting.
 	// This sets the ServerName in the TLSConfig. Please refer to
 	// https://godoc.org/crypto/tls#Config for more information. (optional)
@@ -131,6 +130,7 @@ func (c TLSClientSetting) LoadTLSConfig() (*tls.Config, error) {
 		return nil, fmt.Errorf("failed to load TLS config: %w", err)
 	}
 	tlsCfg.ServerName = c.ServerName
+	tlsCfg.InsecureSkipVerify = c.InsecureSkipVerify
 	return tlsCfg, nil
 }
 

diff --git a/config/configtls/configtls_test.go b/config/configtls/configtls_test.go
@@ -146,6 +146,14 @@ func TestLoadTLSClientConfig(t *testing.T) {
 	tlsCfg, err = tlsSetting.LoadTLSConfig()
 	assert.NoError(t, err)
 	assert.NotNil(t, tlsCfg)
+
+	tlsSetting = TLSClientSetting{
+		InsecureSkipVerify: true,
+	}
+	tlsCfg, err = tlsSetting.LoadTLSConfig()
+	assert.NoError(t, err)
+	assert.NotNil(t, tlsCfg)
+	assert.True(t, tlsCfg.InsecureSkipVerify)
 }
 
 func TestLoadTLSServerConfigError(t *testing.T) {