diff --git a/README.md b/README.md
index 64ea12f..d4c90f8 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,9 @@ supported TLS connections to the NATS server, which I need.
 
 Includes:
 ```
-nats-pub [-s server] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE]
+nats-pub [-s server] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] [-tlsverify]
 
-nats-sub [-s server] [-ts] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE]
+nats-sub [-s server] [-ts] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] [-tlsverify]
 ```
 
 
diff --git a/nats-pub/app.go b/nats-pub/app.go
index 76d579e..c7d5797 100644
--- a/nats-pub/app.go
+++ b/nats-pub/app.go
@@ -9,7 +9,7 @@ import (
 )
 
 func usage() {
-	log.Fatalf("nats-pub [-s server] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] ")
+	log.Fatalf("nats-pub [-s server] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] [-tlsverify] ")
 }
 
 func main() {
@@ -20,6 +20,7 @@ func main() {
 	var tlsCertPath = flag.String("tlscert", "", "Certificate file")
 	var tlsKeyPath = flag.String("tlskey", "", "Private key file for certificate")
 	var tlsCACertPath = flag.String("tlscacert", "", "Client certificate CA file")
+	var tlsVerify = flag.Bool("tlsverify", true, "Enable TLS connection verification")
 
 	flag.Usage = usage
 	flag.Parse()
@@ -31,7 +32,7 @@ func main() {
 	var subject = flag.Arg(0)
 	var message = flag.Arg(1)
 
-	conn, err := nc.Connect(*url, *tls, *tlsCertPath, *tlsKeyPath, *tlsCACertPath)
+	conn, err := nc.Connect(*url, *tls, *tlsCertPath, *tlsKeyPath, *tlsCACertPath, *tlsVerify)
 	if err != nil {
 		log.Fatalf("Failed to connect to NATS: %s", err)
 	}
diff --git a/nats-sub/app.go b/nats-sub/app.go
index b8e5e9c..df93365 100644
--- a/nats-sub/app.go
+++ b/nats-sub/app.go
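Review bot: The `-tlsverify` flag declared in the second nats-pub hunk defaults to true, so the `[-tlsverify]` notation added to the usage string in the first hunk is misleading: a bare `-tlsverify` changes nothing, and verification can only be turned off with `-tlsverify=false`. The help text should say so, e.g. `flag.Bool("tlsverify", true, "Verify the server TLS certificate (use -tlsverify=false to disable)")`, and the usage string and README should show the `=false` form. The same usage wording is added to nats-sub/app.go, whose flag has a different default. main() continues outside this hunk.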
@@ -11,7 +11,7 @@ import (
 )
 
 func usage() {
-	log.Fatalf("nats-sub [-s server] [-ts] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] ")
+	log.Fatalf("nats-sub [-s server] [-ts] [-tls] [-tlscert CERT_FILE] [-tlskey KEY_FILE] [-tlscacert CA_FILE] [-tlsverify] ")
 }
 
 func main() {
@@ -23,6 +23,7 @@ func main() {
 	var tlsCertPath = flag.String("tlscert", "", "Certificate file")
 	var tlsKeyPath = flag.String("tlskey", "", "Private key file for certificate")
 	var tlsCACertPath = flag.String("tlscacert", "", "Client certificate CA file")
+	var tlsVerify = flag.Bool("tlsverify", false, "Enable TLS connection verification")
 
 	flag.Usage = usage
 	flag.Parse()
@@ -38,7 +39,7 @@ func main() {
 		log.SetFlags(log.LstdFlags)
 	}
 
-	conn, err := nc.Connect(*url, *tls, *tlsCertPath, *tlsKeyPath, *tlsCACertPath)
+	conn, err := nc.Connect(*url, *tls, *tlsCertPath, *tlsKeyPath, *tlsCACertPath, *tlsVerify)
 	if err != nil {
 		log.Fatalf("Failed to connect to NATS: %s", err)
 	}
diff --git a/nats.go b/nats.go
index c89cd37..0e50f11 100644
--- a/nats.go
+++ b/nats.go
@@ -2,11 +2,11 @@ package nats_cli
 
 import (
 	"errors"
-
+	ctls "crypto/tls"
 	"github.com/nats-io/nats"
 )
 
-func Connect(url string, tls bool, certPath string, keyPath string, caCertPath string) (*nats.Conn, error) {
+func Connect(url string, tls bool, certPath string, keyPath string, caCertPath string, verify bool) (*nats.Conn, error) {
 	if tls {
 		if len(certPath) == 0 {
 			return nil, errors.New("tlscert not set")
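Review bot: In the second nats-sub hunk `tlsverify` defaults to false, so a user who does not pass the flag gets `InsecureSkipVerify = true` through the option added in nats.go, and the server certificate chain and host name are not checked even when `-tlscacert` is supplied. nats-pub declares the same flag with a default of true, so the two tools also disagree. Verification should be the default and disabling it an explicit opt-out: `var tlsVerify = flag.Bool("tlsverify", true, "Enable TLS connection verification")`. main() continues outside this hunk.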
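Review bot: In the first nats.go hunk the new `ctls "crypto/tls"` line takes the place of the blank that separated the standard-library group from `github.com/nats-io/nats`, so the import block is no longer grouped the way goimports writes it; put `ctls "crypto/tls"` next to `"errors"` and keep the blank line before the nats import. The alias is needed only because the parameter `tls bool` shadows the package name inside Connect, which is worth a comment such as `// aliased: the tls parameter of Connect shadows the package name`. Connect is exported and gains a parameter but still has no doc comment; a sentence stating that `verify` controls server-certificate verification would document the new contract. Connect's body continues outside this hunk.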
@@ -19,10 +19,19 @@ func Connect(url string, tls bool, certPath string, keyPath string, caCertPath s
 	var conn *nats.Conn
 	var err error
 
+	tlsverify := func(o *nats.Options) error {
+		if o.TLSConfig == nil {
+			o.TLSConfig.InsecureSkipVerify = !verify
+		} else {
+			o.TLSConfig = &ctls.Config{InsecureSkipVerify: !verify}
+		}
+		return nil
+	}
+
 	if len(caCertPath) > 0 {
-		conn, err = nats.Connect(url, nats.RootCAs(caCertPath), cert)
+		conn, err = nats.Connect(url, nats.RootCAs(caCertPath), cert, tlsverify)
 	} else {
-		conn, err = nats.Connect(url, cert)
+		conn, err = nats.Connect(url, cert, tlsverify)
 	}
 
 	if err != nil {
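Review bot: The nil check in the new `tlsverify` option is inverted: when `o.TLSConfig == nil` it writes through the nil pointer and panics, and when a config already exists it replaces it with a fresh `ctls.Config`, throwing away whatever `nats.RootCAs(caCertPath)` and `cert` had placed there, since both run before `tlsverify` in the option list. If those options populate `o.TLSConfig`, as their names suggest, the effect is that `-tlscacert` silently stops pinning the server CA and the client certificate is no longer presented, while the connection still appears to succeed. The option should only create the config when it is missing and otherwise set the single field, as below. Connect starts and ends outside this hunk.
```go
	tlsverify := func(o *nats.Options) error {
		if o.TLSConfig == nil {
			o.TLSConfig = &ctls.Config{}
		}
		// Only toggle verification; keep RootCAs/Certificates set by the preceding options.
		o.TLSConfig.InsecureSkipVerify = !verify
		return nil
	}
	// … unchanged: nats.Connect calls …
```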