Add a warning if cluster's insecure setting is enabled

For cluster, we allow to skip hostname verification from certificate. We now print a warning when this option is enabled, both on startup or if the property is enabled on config reload. Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2026-04-17 03:24:40 -07:00 · 2019-04-09 17:14:02 -06:00
parent 98161722dc
commit 4dd1b26cc5
3 changed files with 36 additions and 0 deletions
--- a/server/reload.go
+++ b/server/reload.go
@@ -280,6 +280,9 @@ func (c *clusterOption) Apply(server *Server) {
 	server.setRouteInfoHostPortAndIP()
 	server.mu.Unlock()
 	server.Noticef("Reloaded: cluster")
+	if tlsRequired && c.newValue.TLSConfig.InsecureSkipVerify {
+		server.Warnf(clusterTLSInsecureWarning)
+	}
 }

 func (c *clusterOption) IsClusterPermsChange() bool {
--- a/server/route.go
+++ b/server/route.go
@@ -96,6 +96,9 @@ const (
 // done in place or in separate go routine.
 const sendRouteSubsInGoRoutineThreshold = 1024 * 1024 // 1MB

+// Warning when user configures cluster TLS insecure
+const clusterTLSInsecureWarning = "TLS Hostname verification disabled, system will not verify identity of the solicited route"
+
 // This will add a timer to watch over remote reply subjects in case
 // they fail to receive a response. The duration will be taken from the
 // accounts map timeout to match.
@@ -1482,6 +1485,10 @@ func (s *Server) routeAcceptLoop(ch chan struct{}) {
 	}
 	// Setup state that can enable shutdown
 	s.routeListener = l
+	// Warn if using Cluster.Insecure
+	if tlsReq && opts.Cluster.TLSConfig.InsecureSkipVerify {
+		s.Warnf(clusterTLSInsecureWarning)
+	}
 	s.mu.Unlock()

 	// Let them know we are up
--- a/test/cluster_tls_test.go
+++ b/test/cluster_tls_test.go
@@ -82,6 +82,21 @@ func (c *captureTLSError) Errorf(format string, v ...interface{}) {
 	}
 }

+type captureClusterTLSInsecureLogger struct {
+	dummyLogger
+	ch chan struct{}
+}
+
+func (c *captureClusterTLSInsecureLogger) Warnf(format string, v ...interface{}) {
+	msg := fmt.Sprintf(format, v...)
+	if strings.Contains(msg, "verification disabled") {
+		select {
+		case c.ch <- struct{}{}:
+		default:
+		}
+	}
+}
+
 func TestClusterTLSInsecure(t *testing.T) {
 	confA := createConfFile(t, []byte(`
 		port: -1
@@ -129,6 +144,10 @@ func TestClusterTLSInsecure(t *testing.T) {
 		t.Fatalf("Did not get handshake error")
 	}

+	// Set a logger that will capture the warning
+	wl := &captureClusterTLSInsecureLogger{ch: make(chan struct{}, 1)}
+	srvB.SetLogger(wl, false, false)
+
 	// Need to add "insecure: true" and reload
 	if err := ioutil.WriteFile(confB,
 		[]byte(fmt.Sprintf(bConfigTemplate, "insecure: true", optsA.Cluster.Host, optsA.Cluster.Port)),
@@ -140,4 +159,11 @@ func TestClusterTLSInsecure(t *testing.T) {
 	}

 	checkClusterFormed(t, srvA, srvB)
+
+	// Make sure we have the tracing
+	select {
+	case <-wl.ch:
+	case <-time.After(2 * time.Second):
+		t.Fatalf("Did not get warning about using cluster's insecure setting")
+	}
 }