From 1a257de95c1bd77ee02f7dd4631bfeb38086e315 Mon Sep 17 00:00:00 2001
From: Igal Shprincis
Date: Sun, 30 Sep 2018 19:12:11 +0300
Subject: [PATCH 1/3] watch: use CONSUL_TLS_SERVER_NAME for https if defined (#4718)
---
 agent/agent.go | 2 +-
 agent/config/runtime.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/agent/agent.go b/agent/agent.go
index 4fc0c0279852..47674f1da745 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -750,7 +750,7 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 addr := config.Address
 if config.Scheme == "https" {
- addr = "https://" + addr
+ addr = "https://" + config.TLSConfig.Address
 }
 if err := wp.RunWithConfig(addr, config); err != nil {
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index db3eb699c24f..1800a08e6f54 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1467,6 +1467,7 @@ func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
 Datacenter: c.Datacenter,
 TLSConfig: api.TLSConfig{InsecureSkipVerify: !c.VerifyOutgoing},
 }
+ dcfg := api.DefaultConfig()
 unixAddr, httpAddr, httpsAddr := c.ClientAddress()
@@ -1475,7 +1476,7 @@ func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
 cfg.Scheme = "https"
 cfg.TLSConfig.CAFile = c.CAFile
 cfg.TLSConfig.CAPath = c.CAPath
- cfg.TLSConfig.Address = httpsAddr
+ cfg.TLSConfig.Address = dcfg.TLSConfig.Address
 if includeClientCerts {
 cfg.TLSConfig.CertFile = c.CertFile
 cfg.TLSConfig.KeyFile = c.KeyFile
From 9a89e06649d5a5c10e7bd435cbb482c53171698f Mon Sep 17 00:00:00 2001
From: Igal Shprincis
Date: Sun, 7 Oct 2018 01:18:50 +0300
Subject: [PATCH 2/3] Revert: watch: use CONSUL_TLS_SERVER_NAME for https if defined (#4718)
---
 agent/agent.go | 2 +-
 agent/config/runtime.go | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/agent/agent.go b/agent/agent.go
index 47674f1da745..4fc0c0279852 100644
--- a/agent/agent.go
+++ b/agent/agent.go
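Review bot: The TLS server name is used as the connection address in PATCH 1/3's `reloadWatches` hunk (agent/agent.go): `addr = "https://" + config.TLSConfig.Address` builds the watch URL from the field that the runtime.go hunk of the same patch fills from `api.DefaultConfig()`, which per the subject is the CONSUL_TLS_SERVER_NAME value. If that variable is not defined the field is presumably empty and `addr` becomes a bare `https://` with no host; if it is defined, the watch connects to the certificate name instead of the agent's HTTPS listener. The dial address and the name used for certificate verification should stay separate: keep `addr = "https://" + addr` and carry the server name only in `cfg.TLSConfig.Address`, which is the line PATCH 2/3 of this series restores. `reloadWatches` starts and ends outside the hunk, so how `config` is produced is not visible here.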
@@ -750,7 +750,7 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 addr := config.Address
 if config.Scheme == "https" {
- addr = "https://" + config.TLSConfig.Address
+ addr = "https://" + addr
 }
 if err := wp.RunWithConfig(addr, config); err != nil {
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index 1800a08e6f54..db3eb699c24f 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1467,7 +1467,6 @@ func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
 Datacenter: c.Datacenter,
 TLSConfig: api.TLSConfig{InsecureSkipVerify: !c.VerifyOutgoing},
 }
- dcfg := api.DefaultConfig()
 unixAddr, httpAddr, httpsAddr := c.ClientAddress()
@@ -1476,7 +1475,7 @@ func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
 cfg.Scheme = "https"
 cfg.TLSConfig.CAFile = c.CAFile
 cfg.TLSConfig.CAPath = c.CAPath
- cfg.TLSConfig.Address = dcfg.TLSConfig.Address
+ cfg.TLSConfig.Address = httpsAddr
 if includeClientCerts {
 cfg.TLSConfig.CertFile = c.CertFile
 cfg.TLSConfig.KeyFile = c.KeyFile
From 4b02170ddaf2f340f2f1f727ff3046a69b001dda Mon Sep 17 00:00:00 2001
From: Igal Shprincis
Date: Sun, 7 Oct 2018 01:21:24 +0300
Subject: [PATCH 3/3] Prevent setting the value of TLSConfig.Address (#4718)
---
 agent/config/runtime.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/agent/config/runtime.go b/agent/config/runtime.go
index db3eb699c24f..7a81c8e54d8f 100644
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@@ -1475,7 +1475,6 @@ func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error)
 cfg.Scheme = "https"
 cfg.TLSConfig.CAFile = c.CAFile
 cfg.TLSConfig.CAPath = c.CAPath
- cfg.TLSConfig.Address = httpsAddr
 if includeClientCerts {
 cfg.TLSConfig.CertFile = c.CertFile
 cfg.TLSConfig.KeyFile = c.KeyFile