nats-io#181 support TLS Insecure connection - added flag --tlsinsecure

mschneider82 · Jul 25, 2024 · e8d44f4 · e8d44f4
1 parent 7b97b33
commit e8d44f4
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/cli/util.go b/cli/util.go
@@ -307,6 +307,10 @@ func natsOpts() []nats.Option {
 		connectionName = "NATS CLI Version " + Version
 	}
 
+	if opts().TlsInsecure {
+		copts = append(copts, nats.Secure(&tls.Config{InsecureSkipVerify: true}))
+	}
+
 	return append(copts, []nats.Option{
 		nats.Name(connectionName),
 		nats.MaxReconnects(-1),

diff --git a/nats/main.go b/nats/main.go
@@ -57,6 +57,7 @@ See 'nats cheat' for a quick cheatsheet of commands`
 	ncli.Flag("tlskey", "TLS private key").Envar("NATS_KEY").PlaceHolder("FILE").ExistingFileVar(&opts.TlsKey)
 	ncli.Flag("tlsca", "TLS certificate authority chain").Envar("NATS_CA").PlaceHolder("FILE").ExistingFileVar(&opts.TlsCA)
 	ncli.Flag("tlsfirst", "Perform TLS handshake before expecting the server greeting").BoolVar(&opts.TlsFirst)
+	ncli.Flag("tlsinsecure", "Disable TLS Certificate Verification").BoolVar(&opts.TlsInsecure)
 	if runtime.GOOS == "windows" {
 		ncli.Flag("certstore", "Uses a Windows Certificate Store for TLS (user, machine)").PlaceHolder("TYPE").EnumVar(&opts.WinCertStoreType, "user", "windowscurrentuser", "machine", "windowslocalmachine")
 		ncli.Flag("certstore-match", "Which certificate to use in the store").PlaceHolder("QUERY").StringVar(&opts.WinCertStoreMatch)

diff --git a/options/options.go b/options/options.go
@@ -36,6 +36,8 @@ type Options struct {
 	TlsKey string
 	// TlsCA is the certificate authority to verify the connection with
 	TlsCA string
+	// TlsInsecure Disable TLS Certificate Verification
+	TlsInsecure bool
 	// Timeout is how long to wait for operations
 	Timeout time.Duration
 	// ConnectionName is the name to use for the underlying NATS connection