Merge pull request #9378 from mattbostock/verify_tls

Bugfix: Always verify TLS unless explicitly told otherwise
2025-02-25 18:55:37 -06:00 · 2017-10-12 11:11:02 +02:00
parent 45704d4570 83f1ae4e3e
commit 9d53653647
8 changed files with 53 additions and 36 deletions
--- a/pkg/cmd/grafana-cli/main.go
+++ b/pkg/cmd/grafana-cli/main.go
@@ -17,8 +17,6 @@ var version = "master"
 func main() {
 	setupLogging()

-	services.Init(version)
-
 	app := cli.NewApp()
 	app.Name = "Grafana cli"
 	app.Usage = ""
@@ -44,12 +42,20 @@ func main() {
 			Value:  "",
 			EnvVar: "GF_PLUGIN_URL",
 		},
+		cli.BoolFlag{
+			Name:  "insecure",
+			Usage: "Skip TLS verification (insecure)",
+		},
 		cli.BoolFlag{
 			Name:  "debug, d",
 			Usage: "enable debug logging",
 		},
 	}

+	app.Before = func(c *cli.Context) error {
+		services.Init(version, c.GlobalBool("insecure"))
+		return nil
+	}
 	app.Commands = commands.Commands
 	app.CommandNotFound = cmdNotFound

--- a/pkg/cmd/grafana-cli/services/services.go
+++ b/pkg/cmd/grafana-cli/services/services.go
@@ -22,7 +22,7 @@ var (
 	grafanaVersion string
 )

-func Init(version string) {
+func Init(version string, skipTLSVerify bool) {
 	grafanaVersion = version

 	tr := &http.Transport{
@@ -36,8 +36,9 @@ func Init(version string) {
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
-
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: false},
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: skipTLSVerify,
+		},
 	}

 	HttpClient = http.Client{