mdeuser commented on a change in pull request #2864: Add the support of
certificate checking for secure mode
URL:
https://github.com/apache/incubator-openwhisk/pull/2864#discussion_r145529633
##########
File path: tools/cli/go-whisk/whisk/client.go
##########
@@ -94,30 +94,22 @@ var DefaultObfuscateArr = []ObfuscateSet{
func NewClient(httpClient *http.Client, config *Config) (*Client, error) {
- // Disable certificate checking in the dev environment if in insecure mode
- if config.Insecure {
- Debug(DbgInfo, "Disabling certificate checking.\n")
- var tlsConfig *tls.Config
- if config.Cert != "" && config.Key != "" {
- if cert, err := tls.LoadX509KeyPair(config.Cert, config.Key); err
== nil {
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- InsecureSkipVerify: true,
- }
- }
- }else{
- tlsConfig = &tls.Config{
- InsecureSkipVerify: true,
- }
- }
+ if httpClient == nil {
+ httpClient = http.DefaultClient
+ }
- http.DefaultClient.Transport = &http.Transport{
- TLSClientConfig: tlsConfig,
+ tlsConfig := &tls.Config {
+ InsecureSkipVerify: config.Insecure,
+ }
+
+ if config.Cert != "" && config.Key != "" {
+ if cert, err := ReadX509KeyPair(config.Cert, config.Key); err == nil {
Review comment:
i think we should log the failure at a minimum as this information might
lead to the root cause of the eventual failure.
i'm still not yet convinced that the cli should continue if it was
configured to use some specific certificate and that certificate cannot be
read/used for some reason.
if the command is `wsk property`, then we can ignore the cert/key when
creating the http client if both are not specified.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
