From afc01fe98673b1f62508db96532aac2c98881d6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Senart?=
Date: Fri, 27 Nov 2015 20:23:45 +0100
Subject: [PATCH] attack: Implement -insecure flag
This commit adds a flag to ignore invalid server TLS certificates.
---
 README.md | 7 +++++++
 attack.go | 8 +++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index b7b33466..e1c6cf93 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,8 @@ attack command:
 Duration of the test [0 = forever]
 -header value
 Request header
+ -insecure
+ Ignore invalid server TLS certificates
 -keepalive
 Use persistent connections (default true)
 -key string
@@ -120,6 +122,8 @@ Usage of vegeta attack:
 Duration of the test [0 = forever]
 -header value
 Request header
+ -insecure
+ Ignore invalid server TLS certificates
 -keepalive
 Use persistent connections (default true)
 -key string
@@ -165,6 +169,9 @@ responses delay. Use 0 for an infinite attack.
 Specifies a request header to be used in all targets defined, see `-targets`. You can specify as many as needed by repeating the flag.
+#### `-insecure`
+Specifies whether to ignore invalid server TLS certificates.
+
 #### `-keepalive`
 Specifies whether to reuse TCP connections between HTTP requests.
diff --git a/attack.go b/attack.go
index 987dae00..8a0c970d 100644
--- a/attack.go
+++ b/attack.go
@@ -29,6 +29,7 @@ func attackCmd() command {
 fs.StringVar(&opts.certf, "cert", "", "TLS client PEM encoded certificate file")
 fs.StringVar(&opts.keyf, "key", "", "TLS client PEM encoded private key file")
 fs.Var(&opts.rootCerts, "root-certs", "TLS root certificate files (comma separated list)")
+ fs.BoolVar(&opts.insecure, "insecure", false, "Ignore invalid server TLS certificates")
 fs.BoolVar(&opts.lazy, "lazy", false, "Read targets lazily")
 fs.DurationVar(&opts.duration, "duration", 0, "Duration of the test [0 = forever]")
 fs.DurationVar(&opts.timeout, "timeout", vegeta.DefaultTimeout, "Requests timeout")
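Review bot: The help text on the new `fs.BoolVar(&opts.insecure, "insecure", ...)` line, "Ignore invalid server TLS certificates", understates what the flag does. Later in this patch the value is assigned to `tls.Config.InsecureSkipVerify`, and with that set crypto/tls accepts any certificate and any host name from the server, so the connection is no longer authenticated. I would word it as `"Skip TLS server certificate and host name verification (test targets only)"` and point users at `-root-certs`, registered on the line above, as the way to trust a private CA without turning verification off. The two README usage listings and the `#### -insecure` section carry the same sentence and would need the same wording; attackCmd's body continues outside the hunk.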
@@ -59,6 +60,7 @@ type attackOpts struct {
 certf string
 keyf string
 rootCerts csl
+ insecure bool
 lazy bool
 duration time.Duration
 timeout time.Duration
@@ -115,7 +117,7 @@ func attack(opts *attackOpts) (err error) {
 }
 defer out.Close()
- tlsc, err := tlsConfig(opts.certf, opts.keyf, opts.rootCerts)
+ tlsc, err := tlsConfig(opts.insecure, opts.certf, opts.keyf, opts.rootCerts)
 if err != nil {
 return err
 }
@@ -152,7 +154,7 @@ func attack(opts *attackOpts) (err error) {
 }
 // tlsConfig builds a *tls.Config from the given options.
-func tlsConfig(certf, keyf string, rootCerts []string) (*tls.Config, error) {
+func tlsConfig(insecure bool, certf, keyf string, rootCerts []string) (*tls.Config, error) {
 var err error
 files := map[string][]byte{}
 filenames := append([]string{certf, keyf}, rootCerts...)
@@ -164,7 +166,7 @@ func tlsConfig(certf, keyf string, rootCerts []string) (*tls.Config, error) {
 }
 }
- var c tls.Config
+ c := tls.Config{InsecureSkipVerify: insecure}
 if cert, ok := files[certf]; ok {
 key, ok := files[keyf]
 if !ok {
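Review bot: `c := tls.Config{InsecureSkipVerify: insecure}` switches verification off silently: nothing in the visible lines tells the operator that results were collected over unauthenticated TLS, and any root certificates passed alongside it presumably stop mattering (the code that uses `rootCerts` lies outside the hunk). I would add a comment above the line, `// InsecureSkipVerify disables chain and host name verification; only for test targets with self-signed certificates.`, and have `attack` print a one-line warning to stderr when `opts.insecure` is true. The doc comment in the previous hunk, `// tlsConfig builds a *tls.Config from the given options.`, should also say what the new leading `insecure` argument does. tlsConfig's body continues past the end of the hunk.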