From 114e039d7dd73c7793c5ef6cf013afdc2e7f6c08 Mon Sep 17 00:00:00 2001
From: akutz
Date: Fri, 5 May 2017 10:13:02 -0500
Subject: [PATCH] Enable TLS for UNIX Sockets via Env Var

This patch provides a way to reenable TLS for UNIX sockets by setting the environment variable `LIBSTORAGE_TLS_SOCKITTOME` to a truthy value.
---
 api/server/server_http.go | 18 ++++--------------
 api/utils/utils_tls.go | 10 ++++++++++
 .../storage/libstorage/libstorage_driver.go | 13 ++++---------
 3 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/api/server/server_http.go b/api/server/server_http.go
index 29ac8338..70c0987b 100644
--- a/api/server/server_http.go
+++ b/api/server/server_http.go
@@ -9,7 +9,6 @@ import (
 "net"
 "net/http"
 "os"
- "strings"
 "sync"
 
 log "github.com/Sirupsen/logrus"
@@ -125,19 +124,10 @@ func (s *server) initEndpoints(ctx types.Context) error {
 "address": laddr,
 }
 
- var tlsConfig *types.TLSConfig
-
- // disable TLS for UNIX sockets
- if !strings.EqualFold(proto, "unix") {
- if tlsConfig, err =
- utils.ParseTLSConfig(
- s.ctx,
- s.config.Scope(endpoint),
- logFields,
- types.ConfigServer,
- endpoint); err != nil {
- return err
- }
+ tlsConfig, err := utils.ParseTLSConfig(
+ s.ctx, s.config, proto, logFields, types.ConfigServer)
+ if err != nil {
+ return err
 }
 
 ctx.WithFields(logFields).Info("configured endpoint")
diff --git a/api/utils/utils_tls.go b/api/utils/utils_tls.go
index 29500b7d..00de228c 100644
--- a/api/utils/utils_tls.go
+++ b/api/utils/utils_tls.go
@@ -54,9 +54,19 @@ func ParseKnownHost(
 func ParseTLSConfig(
 ctx types.Context,
 config gofig.Config,
+ proto string,
 fields log.Fields,
 roots ...string) (tlsConfig *types.TLSConfig, tlsErr error) {
 
+ if strings.EqualFold(proto, "unix") {
+ enable, _ := strconv.ParseBool(
+ os.Getenv("LIBSTORAGE_TLS_SOCKITTOME"))
+ if !enable {
+ ctx.Debug("disabling tls for unix sockets")
+ return nil, nil
+ }
+ }
+
 ctx.Debug("parsing tls config")
 
 pathConfig := context.MustPathConfig(ctx)
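Review bot: The new call `tlsConfig, err := utils.ParseTLSConfig(s.ctx, s.config, proto, logFields, types.ConfigServer)` in initEndpoints drops the endpoint scoping the removed lines had — `s.config.Scope(endpoint)` as the config and `endpoint` as an extra root — so per-endpoint TLS settings are no longer consulted unless ParseTLSConfig derives them from `proto` in a way the patch does not show. If that narrowing is unintended, the scoped config and trailing root should be restored on the new call: `tlsConfig, err := utils.ParseTLSConfig(s.ctx, s.config.Scope(endpoint), proto, logFields, types.ConfigServer, endpoint)`. The `:=` also declares a fresh `err` where the removed code assigned with `=`; if `err` exists in an enclosing scope this shadows it, which is harmless here but easy to trip over later. initEndpoints begins before this hunk.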
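Review bot: `enable, _ := strconv.ParseBool(os.Getenv("LIBSTORAGE_TLS_SOCKITTOME"))` discards the parse error, so an unset variable and a mistyped value such as `yes` both silently leave the UNIX socket without TLS; because this path decides a security default, the disabled branch should at least surface the raw value, e.g. `ctx.WithFields(log.Fields{"LIBSTORAGE_TLS_SOCKITTOME": os.Getenv("LIBSTORAGE_TLS_SOCKITTOME")}).Debug("disabling tls for unix sockets")`, so a misconfiguration is visible in the logs. The new `proto` parameter and the environment-variable override are undocumented; ParseTLSConfig's doc comment (outside the hunk) should state that for proto "unix" a nil config and nil error are returned unless LIBSTORAGE_TLS_SOCKITTOME parses true under strconv.ParseBool, and that callers must treat a nil *types.TLSConfig as "no TLS". The hunk also uses strings, strconv and os without an import change to utils_tls.go, so presumably they are already imported there — worth confirming since the other files in this patch did need import edits.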
diff --git a/drivers/storage/libstorage/libstorage_driver.go b/drivers/storage/libstorage/libstorage_driver.go
index f51e7e9c..66416ed4 100644
--- a/drivers/storage/libstorage/libstorage_driver.go
+++ b/drivers/storage/libstorage/libstorage_driver.go
@@ -68,15 +68,10 @@ func (d *driver) Init(ctx types.Context, config gofig.Config) error {
 return err
 }
 
- var tlsConfig *types.TLSConfig
-
- // disable TLS for UNIX sockets
- if !strings.EqualFold(proto, "unix") {
- tlsConfig, err = utils.ParseTLSConfig(
- d.ctx, config, logFields, types.ConfigClient)
- if err != nil {
- return err
- }
+ tlsConfig, err := utils.ParseTLSConfig(
+ d.ctx, config, proto, logFields, types.ConfigClient)
+ if err != nil {
+ return err
 }
 
 host := getHost(d.ctx, proto, lAddr, tlsConfig)
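Review bot: The removed `if !strings.EqualFold(proto, "unix")` guard was the only use of the strings package visible in this hunk, yet unlike server_http.go the patch does not touch libstorage_driver.go's import block; unless `strings` is used elsewhere in the file, it is now an unused import and the package will not compile, so the import list should be checked and `"strings"` dropped if so. The `:=` on `tlsConfig, err := utils.ParseTLSConfig(...)` also introduces a new `err` where the removed code assigned to an existing one; it is used immediately so behaviour is unchanged, but a shadowed `err` is easy to misread in a longer Init. The Init method begins before this hunk and continues after it.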