support runner TLS certificates with specified certificate Common Names (#900)

* support runner TLS certificates with specified certificate Common Names

* removes duplicate constant

* run in insecure mode by default but expose ability to create tls-secured runner pools programmatically

* fixes runner tests to use new tls interfaces
Gerardo Viedma
2018-03-28 13:57:15 +01:00
committed by jan grant
parent 966890ac8f
commit 348bbaf36b
6 changed files with 29 additions and 39 deletions


@@ -39,7 +39,7 @@ func dial(ctx context.Context, address string, creds credentials.TransportCreden
conn, _, err = creds.ClientHandshake(ctx, address, conn)
if err != nil {
logrus.WithError(err).WithField("grpc_addr", address).Warn("Failed grpc handshake")
logrus.WithError(err).WithField("grpc_addr", address).Warn("Failed grpc TLS handshake")
return nil, err
}
return conn, nil
@@ -54,7 +54,9 @@ func dial(ctx context.Context, address string, creds credentials.TransportCreden
}
// CreateCredentials creates a new set of TLS credentials
func CreateCredentials(certPath string, keyPath string, caCertPath string) (credentials.TransportCredentials, error) {
// certificateCommonName must match the CN of the signed certificate
// for the TLS handshake to work
func CreateCredentials(certPath, keyPath, caCertPath, certCommonName string) (credentials.TransportCredentials, error) {
// Load the client certificates from disk
certificate, err := tls.LoadX509KeyPair(certPath, keyPath)
if err != nil {
@@ -74,7 +76,7 @@ func CreateCredentials(certPath string, keyPath string, caCertPath string) (cred
}
return credentials.NewTLS(&tls.Config{
ServerName: "127.0.0.1", // NOTE: this is required!
ServerName: certCommonName,
Certificates: []tls.Certificate{certificate},
RootCAs: certPool,
}), nil
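Review bot: The doc comment added above CreateCredentials names `certificateCommonName`, but the parameter is `certCommonName`, and it describes the value as the certificate CN although the last hunk assigns it to `tls.Config.ServerName`. Go's TLS client verifies ServerName against the peer certificate's subjectAltName entries, with the Common Name used only as a legacy fallback in older Go releases, so a certificate that carries SANs must list this value there. I would reword the comment to `// certCommonName is used as the TLS ServerName and must match a name the server certificate is valid for.` It is also worth stating what an empty string means, since the visible code passes it through unchecked and the name that is then verified depends on the gRPC credentials implementation. The body of CreateCredentials is only partly visible in these hunks.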