Commit 3e77583c authored by Andrei Mihu's avatar Andrei Mihu

Better handling of SSL connections in development configurations.

parent 26e2970a
+2 −1
@@ -4,7 +4,8 @@ All notable changes to this project are documented below.
The format is based on [keep a changelog](http://keepachangelog.com) and this project uses [semantic versioning](http://semver.org).

## [Unreleased]

### Fixed
- Better handling of SSL connections in development configurations.

## [2.14.1] - 2020-11-02
### Added
+8 −1
@@ -17,6 +17,7 @@ package server
import (
	"context"
	"crypto"
	"crypto/x509"
	"database/sql"
	"encoding/base64"
	"fmt"
@@ -182,7 +183,13 @@ func StartApiServer(logger *zap.Logger, startupLogger *zap.Logger, db *sql.DB, j
		//grpc.WithStatsHandler(&ocgrpc.ClientHandler{}),
	}
	if config.GetSocket().TLSCert != nil {
		dialOpts = append(dialOpts, grpc.WithTransportCredentials(credentials.NewServerTLSFromCert(&config.GetSocket().TLSCert[0])))
		// GRPC-Gateway only ever dials 127.0.0.1 so we can be lenient on server certificate validation.
		certPool := x509.NewCertPool()
		if !certPool.AppendCertsFromPEM(config.GetSocket().CertPEMBlock) {
			startupLogger.Fatal("Failed to load PEM certificate from socket SSL certificate file")
		}
		cert := credentials.NewTLS(&tls.Config{RootCAs: certPool, InsecureSkipVerify: true})
		dialOpts = append(dialOpts, grpc.WithTransportCredentials(cert))
	} else {
		dialOpts = append(dialOpts, grpc.WithInsecure())
	}
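Review bot: `InsecureSkipVerify: true` on the new `tls.Config` turns off both chain and hostname verification, so `RootCAs: certPool` is never consulted and the gateway accepts whatever certificate the process listening on the loopback port presents. The comment's loopback argument reduces exposure, but this branch runs whenever `TLSCert` is set, not only in the development configurations the commit message names. I would skip only the hostname check and verify the presented chain against `certPool` in a `VerifyPeerCertificate` callback, which crypto/tls still invokes when `InsecureSkipVerify` is set, and set `MinVersion` as well. `StartApiServer` begins and continues outside this hunk.

```go
// … unchanged: certPool creation and AppendCertsFromPEM check …
cert := credentials.NewTLS(&tls.Config{
	MinVersion: tls.VersionTLS12,
	// Hostname matching is skipped because the gateway dials 127.0.0.1;
	// the presented chain is still checked against certPool below.
	InsecureSkipVerify: true,
	VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("no server certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		intermediates := x509.NewCertPool()
		for _, raw := range rawCerts[1:] {
			if c, err := x509.ParseCertificate(raw); err == nil {
				intermediates.AddCert(c)
			}
		}
		_, err = leaf.Verify(x509.VerifyOptions{Roots: certPool, Intermediates: intermediates})
		return err
	},
})
dialOpts = append(dialOpts, grpc.WithTransportCredentials(cert))
```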