Add possibility to skip tls verification for consul

src/config/options.rs

@@ -39,6 +39,8 @@ pub struct ConfigOptsConsul {
   pub url: Option<String>,
   /// Consul's CA certificate [default: None]
   pub ca_cert: Option<String>,
+  /// Skip TLS verification for Consul server
+  pub tls_skip_verify: bool,
   /// Consul's client certificate [default: None]
   pub client_cert: Option<String>,
   /// Consul's client key [default: None]

src/config/runtime.rs

@@ -20,7 +20,7 @@ pub struct RuntimeConfigAcme {
 pub struct RuntimeConfigConsul {
   pub node_name: String,
   pub url: String,
-  pub tls: Option<(reqwest::Certificate, reqwest::Identity)>,
+  pub tls: Option<(Option<reqwest::Certificate>, bool, reqwest::Identity)>,
 }
 
 #[derive(Debug)]
@@ -80,11 +80,16 @@ impl RuntimeConfigConsul {
       .expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required");
     let url = opts.url.unwrap_or(super::CONSUL_URL.to_string());
 
-    let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) {
-      (Some(ca_cert), Some(client_cert), Some(client_key)) => {
-        let mut ca_cert_buf = vec![];
-        File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
-        let cert = reqwest::Certificate::from_pem(&ca_cert_buf[..])?;
+    let tls = match (&opts.client_cert, &opts.client_key) {
+      (Some(client_cert), Some(client_key)) => {
+        let cert = match &opts.ca_cert {
+          Some(ca_cert) => {
+            let mut ca_cert_buf = vec![];
+            File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+            Some(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
+          }
+          None => None,
+        };
 
         let mut client_cert_buf = vec![];
         File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
@@ -95,9 +100,9 @@ impl RuntimeConfigConsul {
         let ident =
           reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
 
-        Some((cert, ident))
+        Some((cert, opts.tls_skip_verify, ident))
       }
-      (None, None, None) => None,
+      (None, None) => None,
       _ => bail!("Incomplete TLS configuration parameters"),
     };
 

src/consul.rs

@@ -23,13 +23,28 @@ pub struct Consul {
 
 impl Consul {
   pub fn new(config: &RuntimeConfigConsul) -> Self {
-    let client = if let Some((ca, ident)) = config.tls.clone() {
-      reqwest::Client::builder()
-        .use_rustls_tls()
-        .add_root_certificate(ca)
-        .identity(ident)
-        .build()
-        .expect("Unable to build reqwest client")
+    let client = if let Some((ca, skip_verify, ident)) = config.tls.clone() {
+      if skip_verify {
+        reqwest::Client::builder()
+          .use_rustls_tls()
+          .danger_accept_invalid_certs(true)
+          .identity(ident)
+          .build()
+          .expect("Unable to build reqwest client")
+      } else if let Some(ca) = ca {
+        reqwest::Client::builder()
+          .use_rustls_tls()
+          .add_root_certificate(ca)
+          .identity(ident)
+          .build()
+          .expect("Unable to build reqwest client")
+      } else {
+        reqwest::Client::builder()
+          .use_rustls_tls()
+          .identity(ident)
+          .build()
+          .expect("Unable to build reqwest client")
+      }
     } else {
       reqwest::Client::new()
     };