Unverified Commit 739e4214 authored by Erik Wilson's avatar Erik Wilson Committed by GitHub

Merge pull request #693 from yamt/insecure-bootstrap

Fix bootstrap with non-tls etcd
parents 506d8cdc d78701ac
......@@ -171,7 +171,9 @@ func checkBootstrapArgs(cfg *config.Control, accepted map[string]bool) (bool, er
}
func genBootstrapTLSConfig(cfg *config.Control) (*tls.Config, error) {
tlsConfig := &tls.Config{}
secureTLSConfig := &tls.Config{}
// Note: clientv3 excepts nil for non-tls
var tlsConfig *tls.Config
if cfg.StorageCertFile != "" && cfg.StorageKeyFile != "" {
certPem, err := ioutil.ReadFile(cfg.StorageCertFile)
if err != nil {
......@@ -185,6 +187,7 @@ func genBootstrapTLSConfig(cfg *config.Control) (*tls.Config, error) {
if err != nil {
return nil, err
}
tlsConfig = secureTLSConfig
tlsConfig.Certificates = []tls.Certificate{tlsCert}
}
if cfg.StorageCAFile != "" {
......@@ -194,6 +197,7 @@ func genBootstrapTLSConfig(cfg *config.Control) (*tls.Config, error) {
}
certPool := x509.NewCertPool()
certPool.AppendCertsFromPEM(caData)
tlsConfig = secureTLSConfig
tlsConfig.RootCAs = certPool
}
return tlsConfig, nil
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment