Add ability to disable mTLS #279

Open

@klurpicolo klurpicolo commented Dec 24, 2024

Description

Add option to disable mTLS

Fixes (issue)

Type of change

Please select all options that apply to this change:

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Bug fix (non-breaking change which fixes an issue)
  • Documentation update

Checklist:

Confirm you have completed the following steps:

  • My code follows the style of this project.
  • I have performed a self-review of my code.
  • I have made corresponding updates to the documentation.
  • I have added/updated unit tests to cover my changes.
  • I have added/updated integration tests to cover my changes.

@klurpicolo klurpicolo changed the title add DisableTLS add ability to disable mTLS Dec 24, 2024
@klurpicolo klurpicolo changed the title add ability to disable mTLS Add ability to disable mTLS Dec 24, 2024
@klurpicolo klurpicolo marked this pull request as ready for review December 24, 2024 16:50
@klurpicolo klurpicolo mentioned this pull request Dec 24, 2024
9 tasks
if server.TLSConfig, err = config.ExtractServiceTLSConfig(logger); err != nil {
return err
if config.DisableTLS {
err = server.ListenAndServe()
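Review bot: In the `if config.DisableTLS` branch, `server.ListenAndServe()` turns off TLS entirely, not only client-certificate verification, which is broader than the "disable mTLS" in the PR title. On a plain HTTP listener `r.TLS` is nil for every request, and nothing in the visible lines supplies another source of device identity. Consider naming and documenting the flag for what it does (a plaintext listener, meant only for deployments behind a TLS-terminating proxy), logging a warning at startup when it is set, and guarding any code that reads `r.TLS`.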
Collaborator

fleet-telemetry relies upon the device's certificate for its identity. With this implementation, won't extractCertFromHeaders panic since r.TLS would be nil?

func extractCertFromHeaders(r *http.Request) (*x509.Certificate, error) {
	nbCerts := len(r.TLS.PeerCertificates)
	if nbCerts == 0 {
		return nil, fmt.Errorf("missing_certificate_error")
	}
	return r.TLS.PeerCertificates[nbCerts-1], nil
}

@patrickdemers6 patrickdemers6 linked an issue Dec 24, 2024 that may be closed by this pull request
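The nil `r.TLS` case raised in the review comment, reproduced as an added example that is not part of the pull request or the project's code. `extractCertFromHeaders` is copied from the comment; `extractCertNilSafe`, `panics`, `plainRequest`, `mtlsRequest` and the host `telemetry.example` are hypothetical names and constructed inputs used only for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// extractCertFromHeaders is the function quoted in the review comment, unchanged.
func extractCertFromHeaders(r *http.Request) (*x509.Certificate, error) {
	nbCerts := len(r.TLS.PeerCertificates)
	if nbCerts == 0 {
		return nil, fmt.Errorf("missing_certificate_error")
	}
	return r.TLS.PeerCertificates[nbCerts-1], nil
}

// extractCertNilSafe is a hypothetical variant: no TLS means no certificate.
func extractCertNilSafe(r *http.Request) (*x509.Certificate, error) {
	if r.TLS == nil {
		return nil, fmt.Errorf("missing_certificate_error")
	}
	return extractCertFromHeaders(r)
}

// panics reports whether f panics when called with request r.
func panics(f func(*http.Request) (*x509.Certificate, error), r *http.Request) (p bool) {
	defer func() { p = recover() != nil }()
	_, _ = f(r)
	return false
}

// plainRequest is a constructed plain-HTTP request, as a ListenAndServe server sees it: r.TLS is nil.
func plainRequest() *http.Request { return httptest.NewRequest(http.MethodGet, "http://telemetry.example/", nil) }

// mtlsRequest is a constructed request whose TLS state carries one (empty) peer certificate.
func mtlsRequest() *http.Request {
	r := plainRequest()
	r.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{}}}
	return r
}

func main() {
	_, err := extractCertNilSafe(plainRequest())
	fmt.Println(panics(extractCertFromHeaders, plainRequest()), err)
}
```

With the nil check, a plaintext request is rejected as a missing certificate instead of crashing the handler; it still carries no device identity.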
Successfully merging this pull request may close these issues.

Running fleet telemetry behind a trusted proxy