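本文整理汇总了Golang中crypto/tls.Config.InsecureSkipVerify的典型用法代码示例(InsecureSkipVerify是tls.Config的一个布尔字段,而不是方法)。如果您正苦于以下问题:Golang Config.InsecureSkipVerify的具体用法?Golang Config.InsecureSkipVerify怎么用?Golang Config.InsecureSkipVerify使用的例子?那么恭喜您, 这里精选的代码示例或许可以为您提供帮助。需要注意的是,将该字段设为true后,客户端不再校验服务器的证书链和主机名,连接虽然加密但无法确认对端身份,容易受到中间人攻击;Go官方文档建议仅在测试场景或配合VerifyConnection/VerifyPeerCertificate自定义校验时使用。您也可以进一步了解该字段所在类型crypto/tls.Config的用法示例。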
在下文中一共展示了Config.InsecureSkipVerify方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: getTlsConfig
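// getTlsConfig builds a client-side TLS configuration.
//
// When verify is true, the PEM bundle at ca becomes the trust anchor set
// (RootCAs) and certificate verification stays enabled. When verify is false,
// InsecureSkipVerify is left on: crypto/tls then accepts any certificate chain
// and host name the peer presents, so the link is encrypted but the peer is
// not authenticated.
//
// If either cert or key exists on disk, the pair is loaded as the client
// certificate; when only one of the two exists the load fails and the error
// is returned.
//
// An error is returned when the CA file cannot be read, when it contains no
// usable PEM certificate, or when the key pair cannot be loaded.
func getTlsConfig(verify bool, cert, key, ca string) (*tls.Config, error) {
	config := tls.Config{
		// Verification is skipped unless the caller explicitly asks for it.
		InsecureSkipVerify: !verify,
		// NOTE(review): TLS 1.0 is kept as the floor to preserve existing
		// behaviour; it is a deprecated protocol version, so consider raising
		// this once peer compatibility is confirmed.
		MinVersion: tls.VersionTLS10,
	}

	if verify {
		pem, err := ioutil.ReadFile(ca)
		if err != nil {
			return nil, err
		}
		certPool := x509.NewCertPool()
		// An empty pool would make every handshake fail later with an opaque
		// x509 error; report the unusable CA file here instead.
		if !certPool.AppendCertsFromPEM(pem) {
			return nil, fmt.Errorf("no PEM certificates found in CA file %q", ca)
		}
		config.RootCAs = certPool
	}

	_, errCert := os.Stat(cert)
	_, errKey := os.Stat(key)
	if errCert == nil || errKey == nil {
		tlsCert, err := tls.LoadX509KeyPair(cert, key)
		if err != nil {
			return nil, fmt.Errorf("couldn't load X509 key pair: %v (is the key encrypted?)", err)
		}
		config.Certificates = []tls.Certificate{tlsCert}
	}

	return &config, nil
}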
示例2: ssl
// ssl upgrades cn.c to TLS according to the "sslmode" option in o.
//
// Modes as implemented here:
//   - "" or "require": crypto/tls verification is switched off. The server
//     certificate is handed to cn.verifyCA only when the file named by
//     "sslrootcert" exists; otherwise "sslrootcert" is cleared and the
//     certificate is not validated at all (encryption without
//     authentication of the server).
//   - "verify-ca": crypto/tls verification is switched off and cn.verifyCA
//     is called on the TLS client connection instead.
//   - "verify-full": crypto/tls verification stays on, with ServerName taken
//     from the "host" option.
//   - "disable": returns without touching the connection.
//
// Any other mode is reported through errorf. A failed read of the server's
// reply, or a reply other than 'S', panics.
func (cn *conn) ssl(o values) {
	var tlsConf tls.Config
	caOnly := false

	mode := o.Get("sslmode")
	switch mode {
	case "disable":
		return
	case "verify-full":
		tlsConf.ServerName = o.Get("host")
	case "verify-ca":
		// crypto/tls always performs full (chain + host name) verification
		// since Go 1.3, so it is disabled and the CA check is done by
		// cn.verifyCA after the client connection is created.
		tlsConf.InsecureSkipVerify = true
		caOnly = true
	case "", "require":
		// "require" is the default. Same reason as above for skipping
		// crypto/tls's own verification.
		tlsConf.InsecureSkipVerify = true

		// libpq compatibility (see
		// http://www.postgresql.org/docs/current/static/libpq-ssl.html):
		// if a root CA file exists, sslmode=require behaves like verify-ca.
		// Relying on this is discouraged; callers that need certificate
		// validation should ask for verify-ca or verify-full explicitly.
		if _, statErr := os.Stat(o.Get("sslrootcert")); statErr != nil {
			o.Set("sslrootcert", "")
		} else {
			caOnly = true
		}
	default:
		errorf(`unsupported sslmode %q; only "require" (default), "verify-full", "verify-ca", and "disable" supported`, mode)
	}

	cn.setupSSLClientCertificates(&tlsConf, o)
	cn.setupSSLCA(&tlsConf, o)

	// Send the SSL request code and wait for the server's one-byte answer.
	req := cn.writeBuf(0)
	req.int32(80877103)
	cn.sendStartupPacket(req)

	reply := cn.scratch[:1]
	if _, err := io.ReadFull(cn.c, reply); err != nil {
		panic(err)
	}
	if reply[0] != 'S' {
		panic(ErrSSLNotSupported)
	}

	tlsConn := tls.Client(cn.c, &tlsConf)
	if caOnly {
		cn.verifyCA(tlsConn, &tlsConf)
	}
	cn.c = tlsConn
}
示例3: newDockerClient
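// newDockerClient builds the CLI client from the package-level flag values.
//
// TLS behaviour, as implemented below:
//   - Verification of the daemon's certificate is off by default
//     (InsecureSkipVerify = true) and is only enabled when *flTlsVerify is
//     set, in which case the CA bundle at *flCa becomes RootCAs.
//   - When TLS is enabled and both *flCert and *flKey exist, they are loaded
//     as the client certificate.
//
// Any configuration error terminates the process through log.Fatal/Fatalf.
func newDockerClient() *client.DockerCli {
	// Set terminal emulation based on platform as required.
	stdin, stdout, stderr := term.StdStreams()

	setDefaultConfFlag(flTrustKey, defaultTrustKeyFile)

	if len(flHosts) == 0 {
		log.Fatal("Please specify a host with -H")
	}
	if len(flHosts) > 1 {
		log.Fatal("Please specify only one -H")
	}
	// The host must have the form proto://address; without this check a
	// malformed value would panic on the index below.
	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
	if len(protoAddrParts) != 2 {
		log.Fatalf("Invalid host %q: expected proto://address", flHosts[0])
	}

	var tlsConfig tls.Config
	// Without --tlsverify the daemon's certificate is not checked: the
	// channel is encrypted but the daemon is not authenticated.
	tlsConfig.InsecureSkipVerify = true

	// Regardless of whether the user sets it to true or false, if they
	// specify --tlsverify at all then we need to turn on tls
	if flag.IsSet("-tlsverify") {
		*flTls = true
	}

	// If we should verify the server, we need to load a trusted ca
	if *flTlsVerify {
		caPEM, err := ioutil.ReadFile(*flCa)
		if err != nil {
			log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
		}
		certPool := x509.NewCertPool()
		// An empty pool would only surface later as an opaque handshake
		// failure; report the unusable CA file now.
		if !certPool.AppendCertsFromPEM(caPEM) {
			log.Fatalf("Couldn't parse any certificate from ca cert %s", *flCa)
		}
		tlsConfig.RootCAs = certPool
		tlsConfig.InsecureSkipVerify = false
	}

	// If tls is enabled, try to load and send client certificates
	if *flTls || *flTlsVerify {
		_, errCert := os.Stat(*flCert)
		_, errKey := os.Stat(*flKey)
		if errCert == nil && errKey == nil {
			*flTls = true
			cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
			if err != nil {
				// tls.LoadX509KeyPair cannot read passphrase-protected keys,
				// so the hint has to say "not encrypted".
				log.Fatalf("Couldn't load X509 key pair: %q. Make sure the key is not encrypted", err)
			}
			tlsConfig.Certificates = []tls.Certificate{cert}
		}
		// Avoid fallback to SSL protocols < TLS1.0
		// NOTE(review): TLS 1.0 itself is a deprecated protocol version;
		// consider a higher floor once daemon compatibility is confirmed.
		tlsConfig.MinVersion = tls.VersionTLS10
	}

	return client.NewDockerCli(stdin, stdout, stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
}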
示例4: getTLSConfig
// getTLSConfig returns the client TLS configuration for host, or (nil, nil)
// when host.TLS is false.
//
// Server certificate verification follows host.TLSVerify: when it is false
// InsecureSkipVerify is set and any certificate is accepted; when it is true
// the PEM bundle at host.TLSCaCert is installed as RootCAs. The client key
// pair (host.TLSCert / host.TLSKey) is always loaded, and a failure to read
// either the CA file or the key pair is returned as the error.
func (host *Host) getTLSConfig() (*tls.Config, error) {
	if !host.TLS {
		return nil, nil
	}

	tlsConfig := tls.Config{
		InsecureSkipVerify: !host.TLSVerify,
		// NOTE(review): TLS 1.0 is a deprecated protocol version; consider
		// raising the floor if all peers support it.
		MinVersion: tls.VersionTLS10,
	}

	if host.TLSVerify {
		caPEM, err := ioutil.ReadFile(host.TLSCaCert)
		if err != nil {
			return nil, err
		}
		roots := x509.NewCertPool()
		// NOTE(review): the boolean result is ignored, so a CA file without
		// any valid certificate yields an empty pool and every handshake
		// will fail verification later.
		roots.AppendCertsFromPEM(caPEM)
		tlsConfig.RootCAs = roots
	}

	keyPair, err := tls.LoadX509KeyPair(host.TLSCert, host.TLSKey)
	if err != nil {
		return nil, err
	}
	tlsConfig.Certificates = []tls.Certificate{keyPair}

	return &tlsConfig, nil
}
示例5: getTLSConfig
// getTLSConfig builds a TLS configuration from the package-level config
// values: config.CACertificate is loaded into RootCAs and, when both
// config.SSLCertificate and config.SSLKey exist on disk, that key pair is
// attached as the certificate.
//
// NOTE(review): InsecureSkipVerify is unconditionally true. When this config
// is used by a TLS client, crypto/tls then accepts any server certificate and
// the RootCAs pool loaded here is not consulted, so the CA file gives no
// protection. Confirm whether verification was meant to be enabled.
//
// On a key-pair load failure the partially built config is returned together
// with the error.
func getTLSConfig() (*tls.Config, error) {
	caPEM, err := ioutil.ReadFile(config.CACertificate)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	// The result of AppendCertsFromPEM is not checked; an unparsable CA file
	// leaves the pool empty.
	roots.AppendCertsFromPEM(caPEM)

	tlsConfig := &tls.Config{
		InsecureSkipVerify: true,
		RootCAs:            roots,
	}

	_, certErr := os.Stat(config.SSLCertificate)
	_, keyErr := os.Stat(config.SSLKey)
	if certErr != nil || keyErr != nil {
		// No usable key pair on disk: return the config without one.
		return tlsConfig, nil
	}

	keyPair, err := tls.LoadX509KeyPair(config.SSLCertificate, config.SSLKey)
	if err != nil {
		return tlsConfig, err
	}
	tlsConfig.Certificates = []tls.Certificate{keyPair}
	return tlsConfig, nil
}
示例6: setupTls
// setupTls registers a client TLS configuration with srpc, built from the
// given CA bundle and client key pair.
//
// It returns without registering anything when any path is empty, when the CA
// file does not exist, or when loading the key pair reports a not-exist
// error. Any other failure is printed to stderr and the process exits with
// status 1.
//
// NOTE(review): InsecureSkipVerify is true, so crypto/tls will not verify the
// server's certificate and the RootCAs pool set here is not used for that
// purpose. The client certificate still authenticates this side to the
// server, but the server's identity is unchecked — confirm that is intended.
func setupTls(caFile, certFile, keyFile string) {
	if caFile == "" || certFile == "" || keyFile == "" {
		return
	}

	caData, err := ioutil.ReadFile(caFile)
	switch {
	case os.IsNotExist(err):
		return
	case err != nil:
		fmt.Fprintf(os.Stderr, "Unable to load CA file\t%s\n", err)
		os.Exit(1)
	}

	roots := x509.NewCertPool()
	if ok := roots.AppendCertsFromPEM(caData); !ok {
		fmt.Fprintln(os.Stderr, "Unable to parse CA file")
		os.Exit(1)
	}

	keyPair, err := tls.LoadX509KeyPair(certFile, keyFile)
	switch {
	case os.IsNotExist(err):
		return
	case err != nil:
		fmt.Fprintf(os.Stderr, "Unable to load keypair\t%s\n", err)
		os.Exit(1)
	}

	srpc.RegisterClientTlsConfig(&tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
		RootCAs:            roots,
		Certificates:       []tls.Certificate{keyPair},
	})
}
示例7: ClientConfig
// ClientConfig generates a tls.Config object for use by an HTTP client.
//
// When info is empty the config carries only info.ServerName; otherwise it
// starts from info.baseConfig(). If CA files are configured they become
// RootCAs and ServerName is cleared. When info.selfCert is set,
// InsecureSkipVerify is turned on, which makes crypto/tls accept any server
// certificate and host name regardless of RootCAs.
func (info TLSInfo) ClientConfig() (*tls.Config, error) {
	var (
		cfg *tls.Config
		err error
	)

	if info.Empty() {
		cfg = &tls.Config{ServerName: info.ServerName}
	} else if cfg, err = info.baseConfig(); err != nil {
		return nil, err
	}

	if caFiles := info.cafiles(); len(caFiles) > 0 {
		if cfg.RootCAs, err = tlsutil.NewCertPool(caFiles); err != nil {
			return nil, err
		}
		// if given a CA, trust any host with a cert signed by the CA
		cfg.ServerName = ""
	}

	// Only ever switches verification off; a value already set by
	// baseConfig is left alone when selfCert is false.
	if info.selfCert {
		cfg.InsecureSkipVerify = true
	}
	return cfg, nil
}
示例8: main
// main connects over TLS to the address in os.Args[1] and passes the
// connection and the newly created file os.Args[2] to copyTo, reporting
// progress through statusLoop.
//
// NOTE(review): the TLS settings here are deliberately weak and should not be
// copied into production code: InsecureSkipVerify disables all verification
// of the server certificate, and the only cipher suite offered is an RC4
// suite, which is a broken cipher. Presumably this is a test or measurement
// client — confirm before reuse.
func main() {
	log.SetPrefix(PREFIX + " ")
	log.SetFlags(0)

	// mustOK aborts the program on any non-nil error.
	mustOK := func(err error) {
		if err != nil {
			log.Fatal(err)
		}
	}

	if len(os.Args) < 3 {
		log.Fatal("give arguments plz")
	}

	config := &tls.Config{
		InsecureSkipVerify: true,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
		},
	}

	println("connecting")
	conn, err := tls.Dial("tcp", os.Args[1], config)
	mustOK(err)
	defer conn.Close()

	out, err := os.Create(os.Args[2])
	mustOK(err)
	defer out.Close()

	progress := make(chan float64)
	finished := make(chan struct{})
	go statusLoop(progress, finished)

	println("writing to", os.Args[2])
	copyTo(conn, out, progress)

	// Wait for the status goroutine to signal completion before the final
	// message is printed.
	<-finished
	fmt.Println("\n"+PREFIX, "done")
}
示例9: Dial
// Dial makes an outgoing TLS connection of the given protocol type to the
// node with the given ID.
// It returns a non-nil error if it is unable to connect.
// It panics if it is called with protocol set to CLIENT_PROTOCOL.
//
// The dialer presents config.Certificate() as its client certificate and
// relies on the receiving node to authenticate it; the dialer itself does not
// verify the certificate presented by the remote end (InsecureSkipVerify).
//
// NOTE(review): while verification is skipped, crypto/tls does not use the
// RootCAs pool set below, so the dialer has no cryptographic assurance about
// which peer answered. The receiver checking the dialer's identity protects
// the receiver, but data sent by the dialer could reach an impostor that
// simply accepts the connection. Confirm that this one-sided authentication
// is acceptable for every protocol routed through here.
func Dial(protocol int, id uint16) (*BaseConn, error) {
	log.Print("dialing node ", id)

	if protocol == CLIENT_PROTOCOL {
		panic("tried to make outgoing client protocol connection")
	}

	addr := config.NodeIP(id).String() + ":" + strconv.FormatInt(int64(getProtocolPort(protocol)), 10)

	tlsConfig := &tls.Config{
		Certificates:       []tls.Certificate{*config.Certificate()},
		RootCAs:            config.NodeCertPool(id),
		InsecureSkipVerify: true,
	}

	tlsConn, err := tls.Dial("tcp", addr, tlsConfig)
	if err != nil {
		log.Print(err)
		return nil, err
	}
	return newBaseConn(tlsConn), nil
}
示例10: ssl
// ssl upgrades cn.c to TLS according to the "sslmode" option in o.
//
// Modes as implemented here:
//   - "" or "require": TLS with InsecureSkipVerify set, i.e. the server
//     certificate is not validated (encryption without authentication of
//     the server).
//   - "verify-full": crypto/tls verification is left enabled.
//     NOTE(review): ServerName is not set in this function; presumably
//     cn.setupSSLCertKey or the caller provides it — confirm, since a
//     crypto/tls client needs either ServerName or InsecureSkipVerify.
//   - "disable": returns without touching the connection.
//
// Any other mode is reported through errorf. A failed read of the server's
// reply, or a reply other than 'S', panics.
func (cn *conn) ssl(o values) {
	var tlsConf tls.Config

	mode := o.Get("sslmode")
	switch mode {
	case "disable":
		return
	case "verify-full":
		// Keep crypto/tls's default verification.
	case "", "require":
		tlsConf.InsecureSkipVerify = true
	default:
		errorf(`unsupported sslmode %q; only "require" (default), "verify-full", and "disable" supported`, mode)
	}

	cn.setupSSLCertKey(&tlsConf, o)

	// Send the SSL request code and wait for the server's one-byte answer.
	req := cn.writeBuf(0)
	req.int32(80877103)
	cn.send(req)

	reply := cn.scratch[:1]
	if _, err := io.ReadFull(cn.c, reply); err != nil {
		panic(err)
	}
	if reply[0] != 'S' {
		panic(ErrSSLNotSupported)
	}

	cn.c = tls.Client(cn.c, &tlsConf)
}
示例11: runClient
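// runClient opens a Thrift transport to addr, wraps it with transportFactory
// and calls GetUserProfile(0) on the example service, printing the returned
// user name on success.
//
// When secure is true the socket uses TLS with InsecureSkipVerify set, so the
// server certificate is not verified: the connection is encrypted but the
// server is not authenticated. That is only appropriate for a local demo.
//
// It returns the first error from opening the socket, opening the transport
// or the RPC itself.
func runClient(transportFactory thrift.TTransportFactory, protocolFactory thrift.TProtocolFactory, addr string, secure bool) error {
	var transport thrift.TTransport
	var err error
	if secure {
		cfg := new(tls.Config)
		cfg.InsecureSkipVerify = true
		transport, err = thrift.NewTSSLSocket(addr, cfg)
	} else {
		transport, err = thrift.NewTSocket(addr)
	}
	if err != nil {
		fmt.Println("Error opening socket:", err)
		return err
	}

	transport = transportFactory.GetTransport(transport)
	defer transport.Close()
	if err := transport.Open(); err != nil {
		return err
	}

	client := example.NewMtExampleServiceClientFactory(transport, protocolFactory)
	oProfile, err := client.GetUserProfile(0)
	if err != nil {
		// The original printed "ok" and read oProfile in this branch, which
		// both misreported the failure and touched a result that is not
		// valid when the call fails.
		return err
	}
	fmt.Println("GetUserProfile(0) ok " + oProfile.UseName)
	return nil
}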
示例12: runClient
// runClient opens a Thrift transport to addr, wraps it with transportFactory,
// and runs handleClient against a Calculator client on that transport.
//
// When secure is true the socket uses TLS with InsecureSkipVerify set, so the
// server certificate is not verified: the connection is encrypted but the
// server is not authenticated. That is only appropriate for a local demo.
//
// It returns an error if the socket or the wrapped transport cannot be
// created or opened, otherwise whatever handleClient returns.
func runClient(transportFactory thrift.TTransportFactory, protocolFactory thrift.TProtocolFactory, addr string, secure bool) error {
	var (
		transport thrift.TTransport
		err       error
	)

	if !secure {
		transport, err = thrift.NewTSocket(addr)
	} else {
		transport, err = thrift.NewTSSLSocket(addr, &tls.Config{InsecureSkipVerify: true})
	}
	if err != nil {
		fmt.Println("Error opening socket:", err)
		return err
	}
	if transport == nil {
		return fmt.Errorf("Error opening socket, got nil transport. Is server available?")
	}

	if transport = transportFactory.GetTransport(transport); transport == nil {
		return fmt.Errorf("Error from transportFactory.GetTransport(), got nil transport. Is server available?")
	}

	if err = transport.Open(); err != nil {
		return err
	}
	// Close is deferred only after a successful Open.
	defer transport.Close()

	return handleClient(tutorial.NewCalculatorClientFactory(transport, protocolFactory))
}
示例13: GetServerTLSConfig
// GetServerTLSConfig returns a TLS config for using with ListenAndServeTLS.
// The same pool (system certificates plus caCert) is installed as both
// RootCAs and ClientCAs.
//
// Client certificates are optional: ClientAuth is
// tls.VerifyClientCertIfGiven, so a client that sends no certificate is still
// accepted, and one that does send a certificate has it verified against
// ClientCAs.
//
// NOTE(review): crypto/tls documents InsecureSkipVerify as controlling
// whether a client verifies the server's certificate. On a config used only
// for serving it presumably has no effect on how client certificates are
// checked — confirm what allowInsecure is expected to do here.
//
// On a key-pair parse failure the partially built config is returned together
// with the error.
func GetServerTLSConfig(caCert, serverCert, serverKey []byte, allowInsecure bool) (*tls.Config, error) {
	pool := x509.NewCertPool()

	// Start from the system certificates, then add the custom CA.
	if err := loadSystemCertificates(pool); err != nil {
		return nil, err
	}
	// The result is not checked; an unparsable caCert adds nothing.
	pool.AppendCertsFromPEM(caCert)

	tlsConfig := &tls.Config{
		InsecureSkipVerify: allowInsecure,
		RootCAs:            pool,
		ClientCAs:          pool,
		ClientAuth:         tls.VerifyClientCertIfGiven,
	}
	log.Debugf("tls root CAs: %d", len(tlsConfig.RootCAs.Subjects()))

	// Server certificate and key.
	keypair, err := tls.X509KeyPair(serverCert, serverKey)
	if err != nil {
		return tlsConfig, err
	}
	tlsConfig.Certificates = []tls.Certificate{keypair}
	return tlsConfig, nil
}
示例14: connectToAMQP
// connectToAMQP dials the broker at uri. If uri contains the substring
// "amqps" the connection is made with amqp.DialTLS, otherwise with amqp.Dial.
//
// Setting the environment variable PMB_SSL_INSECURE_SKIP_VERIFY to any
// non-empty value turns off verification of the broker's certificate.
//
// NOTE(review): the check is on length only, so values such as "0" or "false"
// also disable verification; and the "amqps" test matches anywhere in the
// URI, not just the scheme. Both are worth tightening.
func connectToAMQP(uri string) (*amqp.Connection, error) {
	if !strings.Contains(uri, "amqps") {
		conn, err := amqp.Dial(uri)
		if err != nil {
			return nil, err
		}
		return conn, nil
	}

	cfg := &tls.Config{}
	if os.Getenv("PMB_SSL_INSECURE_SKIP_VERIFY") != "" {
		cfg.InsecureSkipVerify = true
	}

	logrus.Debugf("calling DialTLS")
	conn, err := amqp.DialTLS(uri, cfg)
	logrus.Debugf("Connection obtained")
	if err != nil {
		return nil, err
	}
	return conn, nil
}
示例15: Connect
// Connect establishes the underlying TCP connection and then performs a TLS
// handshake on top of it, replacing c.Conn with the TLS connection on
// success.
//
// A fresh tls.Config is assembled from selected fields of c.tls (MinVersion,
// RootCAs, Certificates, InsecureSkipVerify) with ServerName set to the host
// part of c.hostport. When c.tls.InsecureSkipVerify is true the server
// certificate is therefore not verified, even though ServerName is set.
//
// Errors from the TCP connect, from setting the deadline, or from the
// handshake are passed through c.onFail; in the latter two cases the TLS
// socket is closed first.
func (c *tlsClient) Connect(timeout time.Duration) error {
	host, _, err := net.SplitHostPort(c.hostport)
	if err != nil {
		return err
	}

	tlsconfig := tls.Config{
		MinVersion:         c.tls.MinVersion,
		RootCAs:            c.tls.RootCAs,
		Certificates:       c.tls.Certificates,
		ServerName:         host,
		InsecureSkipVerify: c.tls.InsecureSkipVerify,
	}

	if err := c.tcpClient.Connect(timeout); err != nil {
		return c.onFail(err)
	}

	socket := tls.Client(c.Conn, &tlsconfig)

	// abort closes the half-set-up TLS socket before reporting the failure.
	abort := func(cause error) error {
		_ = socket.Close()
		return c.onFail(cause)
	}

	// The deadline bounds the handshake. NOTE(review): it is not cleared in
	// this function afterwards; presumably later I/O sets its own deadlines.
	if err := socket.SetDeadline(time.Now().Add(timeout)); err != nil {
		return abort(err)
	}
	if err := socket.Handshake(); err != nil {
		return abort(err)
	}

	c.Conn = socket
	c.connected = true
	return nil
}