allow tls skip verify even if ca_cert is not set
mkaczanowski committed Jan 16, 2024
1 parent fef8bf6 commit 7deb16d
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions src/keyring/providers/hashicorp/client.rs
@@ -143,12 +143,15 @@ impl TendermintValidatorApp {
env!("CARGO_PKG_VERSION")
));

if let Some(ca_cert) = ca_cert {
let cert_bytes = fs::read(ca_cert).expect("Failed to read cert file");
let root_cert = native_tls::Certificate::from_pem(&cert_bytes)
.expect("Failed to parse PEM certificate");
if ca_cert.is_some() || skip_verify.is_some() {
let mut builder = native_tls::TlsConnector::builder();
builder.add_root_certificate(root_cert);

if let Some(ca_cert) = ca_cert {
let cert_bytes = fs::read(ca_cert).expect("Failed to read cert file");
let root_cert = native_tls::Certificate::from_pem(&cert_bytes)
.expect("Failed to parse PEM certificate");
builder.add_root_certificate(root_cert);
}

if skip_verify.is_some_and(|x| x) {
builder.danger_accept_invalid_certs(true);
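Review bot: When `skip_verify` is `Some(true)` and no `ca_cert` is given, the `builder.danger_accept_invalid_certs(true)` branch at the end of the hunk now produces a connector that accepts any server certificate, and the hunk shows no log line or comment marking that state. Since this client sits under `keyring/providers/hashicorp`, it presumably carries the provider token and signing requests, so an unverified channel should be made visible: add a comment such as `// SECURITY: turns off server certificate validation; never enable outside test setups` above the call and, if a logger is in scope (not visible here), a warning like `warn!("TLS certificate verification is disabled for the HashiCorp client");`. The outer test could also be `if ca_cert.is_some() || skip_verify == Some(true) {` so that `Some(false)` does not take the custom-connector path. The enclosing function starts and ends outside the hunk, so how the builder is finished and installed is not visible.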