Set InsecureSkipVerify correctly when theres no client cert, rename verify_client_certificates to verify_certificates

2017-06-30 07:20:38 +02:00 · 2017-06-30 07:20:38 +02:00 · 786d8013b9
commit 786d8013b9
parent f1e44661b8
3 changed files with 14 additions and 9 deletions
--- a/config.default.toml
+++ b/config.default.toml
@ -1,5 +1,5 @@
 port = 80
-verify_client_certificates = true
+verify_certificates = true
 # Defaults for the client connect form
 [defaults]
--- a/server/irc.go
+++ b/server/irc.go
@ -4,10 +4,9 @@ import (
 	"crypto/tls"
 	"net"
 	"github.com/spf13/viper"
 	"github.com/khlieng/dispatch/irc"
 	"github.com/khlieng/dispatch/storage"
 	"github.com/spf13/viper"
 )
 func createNickInUseHandler(i *irc.Client, session *Session) func(string) string {
@ -34,10 +33,13 @@ func reconnectIRC() {
 			i.Realname = server.Realname
 			i.HandleNickInUse = createNickInUseHandler(i, session)
-			if cert := user.GetCertificate(); cert != nil {
+			if i.TLS {
 				i.TLSConfig = &tls.Config{
-					Certificates:       []tls.Certificate{*cert},
+					InsecureSkipVerify: !viper.GetBool("verify_certificates"),
-					InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+				}
 				if cert := user.GetCertificate(); cert != nil {
 					i.TLSConfig.Certificates = []tls.Certificate{*cert}
 				}
 			}
--- a/server/websocket_handler.go
+++ b/server/websocket_handler.go
@ -111,10 +111,13 @@ func (h *wsHandler) connect(b []byte) {
 			i.Password = data.Password
 		}
-		if cert := h.session.user.GetCertificate(); cert != nil {
+		if i.TLS {
 			i.TLSConfig = &tls.Config{
-				Certificates:       []tls.Certificate{*cert},
+				InsecureSkipVerify: !viper.GetBool("verify_certificates"),
-				InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+			}
 			if cert := h.session.user.GetCertificate(); cert != nil {
 				i.TLSConfig.Certificates = []tls.Certificate{*cert}
 			}
 		}