Enable TLS for UNIX Sockets via Env Var

This patch provides a way to reenable TLS for UNIX sockets by setting the environment variable `LIBSTORAGE_TLS_SOCKITTOME` to a truthy value.
thecodeteam · May 5, 2017 · 114e039 · 114e039
1 parent 7d0eb86
commit 114e039
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 23 deletions.
diff --git a/api/server/server_http.go b/api/server/server_http.go
@@ -9,7 +9,6 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"strings"
 	"sync"
 
 	log "github.com/Sirupsen/logrus"
@@ -125,19 +124,10 @@ func (s *server) initEndpoints(ctx types.Context) error {
 			"address":  laddr,
 		}
 
-		var tlsConfig *types.TLSConfig
-
-		// disable TLS for UNIX sockets
-		if !strings.EqualFold(proto, "unix") {
-			if tlsConfig, err =
-				utils.ParseTLSConfig(
-					s.ctx,
-					s.config.Scope(endpoint),
-					logFields,
-					types.ConfigServer,
-					endpoint); err != nil {
-				return err
-			}
+		tlsConfig, err := utils.ParseTLSConfig(
+			s.ctx, s.config, proto, logFields, types.ConfigServer)
+		if err != nil {
+			return err
 		}
 
 		ctx.WithFields(logFields).Info("configured endpoint")

diff --git a/api/utils/utils_tls.go b/api/utils/utils_tls.go
@@ -54,9 +54,19 @@ func ParseKnownHost(
 func ParseTLSConfig(
 	ctx types.Context,
 	config gofig.Config,
+	proto string,
 	fields log.Fields,
 	roots ...string) (tlsConfig *types.TLSConfig, tlsErr error) {
 
+	if strings.EqualFold(proto, "unix") {
+		enable, _ := strconv.ParseBool(
+			os.Getenv("LIBSTORAGE_TLS_SOCKITTOME"))
+		if !enable {
+			ctx.Debug("disabling tls for unix sockets")
+			return nil, nil
+		}
+	}
+
 	ctx.Debug("parsing tls config")
 
 	pathConfig := context.MustPathConfig(ctx)

diff --git a/drivers/storage/libstorage/libstorage_driver.go b/drivers/storage/libstorage/libstorage_driver.go
@@ -68,15 +68,10 @@ func (d *driver) Init(ctx types.Context, config gofig.Config) error {
 		return err
 	}
 
-	var tlsConfig *types.TLSConfig
-
-	// disable TLS for UNIX sockets
-	if !strings.EqualFold(proto, "unix") {
-		tlsConfig, err = utils.ParseTLSConfig(
-			d.ctx, config, logFields, types.ConfigClient)
-		if err != nil {
-			return err
-		}
+	tlsConfig, err := utils.ParseTLSConfig(
+		d.ctx, config, proto, logFields, types.ConfigClient)
+	if err != nil {
+		return err
 	}
 
 	host := getHost(d.ctx, proto, lAddr, tlsConfig)