Merge pull request #353 from blutack/features/clientless_ssl

cbusbey · web-flow · commit 0b057610cc25 · 2019-02-04T15:15:02.000-06:00
Add SocketUseSSL parameter to allow SSL/TLS without client certs
diff --git a/config/configuration.go b/config/configuration.go
@@ -22,6 +22,7 @@ const (
 	SocketInsecureSkipVerify     string = "SocketInsecureSkipVerify"
 	SocketMinimumTLSVersion      string = "SocketMinimumTLSVersion"
 	SocketTimeout                string = "SocketTimeout"
+	SocketUseSSL                 string = "SocketUseSSL"
 	DefaultApplVerID             string = "DefaultApplVerID"
 	StartTime                    string = "StartTime"
 	EndTime                      string = "EndTime"
diff --git a/config/doc.go b/config/doc.go
@@ -284,6 +284,10 @@ SocketMinimumTLSVersion
 
 Specify the Minimum TLS version to use when creating a secure connection. The valid choices are SSL30, TLS10, TLS11, TLS12. Defaults to TLS12.
 
+SocketUseSSL
+
+Use SSL for initiators even if client certificates are not present. If set to N or omitted, TLS will not be used if SocketPrivateKeyFile or SocketCertificateFile are not supplied.
+
 PersistMessages
 
 If set to N, no messages will be persisted. This will force QuickFIX/Go to always send GapFills instead of resending messages. Use this if you know you never want to resend a message. Useful for market data streams.  Valid Values:
diff --git a/tls.go b/tls.go
@@ -10,6 +10,14 @@ import (
 )
 
 func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error) {
+	allowSkipClientCerts := false
+	if settings.HasSetting(config.SocketUseSSL) {
+		allowSkipClientCerts, err = settings.BoolSetting(config.SocketUseSSL)
+		if err != nil {
+			return
+		}
+	}
+
 	insecureSkipVerify := false
 	if settings.HasSetting(config.SocketInsecureSkipVerify) {
 		insecureSkipVerify, err = settings.BoolSetting(config.SocketInsecureSkipVerify)
@@ -19,9 +27,9 @@ func loadTLSConfig(settings *SessionSettings) (tlsConfig *tls.Config, err error)
 	}
 
 	if !settings.HasSetting(config.SocketPrivateKeyFile) && !settings.HasSetting(config.SocketCertificateFile) {
-		if insecureSkipVerify {
+		if allowSkipClientCerts {
 			tlsConfig = defaultTLSConfig()
-			tlsConfig.InsecureSkipVerify = true
+			tlsConfig.InsecureSkipVerify = insecureSkipVerify
 		}
 		return
 	}
diff --git a/tls_test.go b/tls_test.go
@@ -90,6 +90,15 @@ func (s *TLSTestSuite) TestLoadTLSWithCA() {
 func (s *TLSTestSuite) TestInsecureSkipVerify() {
 	s.settings.GlobalSettings().Set(config.SocketInsecureSkipVerify, "Y")
 
+	tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings())
+	s.Nil(err)
+	s.Nil(tlsConfig)
+}
+
+func (s *TLSTestSuite) TestInsecureSkipVerifyWithUseSSL() {
+	s.settings.GlobalSettings().Set(config.SocketUseSSL, "Y")
+	s.settings.GlobalSettings().Set(config.SocketInsecureSkipVerify, "Y")
+
 	tlsConfig, err := loadTLSConfig(s.settings.GlobalSettings())
 	s.Nil(err)
 	s.NotNil(tlsConfig)

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,14 @@ import (`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`func loadTLSConfig(settings SessionSettings) (tlsConfig tls.Config, err error) {`
	`13`	`+ allowSkipClientCerts := false`
	`14`	`+ if settings.HasSetting(config.SocketUseSSL) {`
	`15`	`+ allowSkipClientCerts, err = settings.BoolSetting(config.SocketUseSSL)`
	`16`	`+ if err != nil {`
	`17`	`+ return`
	`18`	`+ }`
	`19`	`+ }`
	`20`	`+`
`13`	`21`	`insecureSkipVerify := false`
`14`	`22`	`if settings.HasSetting(config.SocketInsecureSkipVerify) {`
`15`	`23`	`insecureSkipVerify, err = settings.BoolSetting(config.SocketInsecureSkipVerify)`
`@@ -19,9 +27,9 @@ func loadTLSConfig(settings SessionSettings) (tlsConfig tls.Config, err error)`
`19`	`27`	`}`
`20`	`28`
`21`	`29`	`if !settings.HasSetting(config.SocketPrivateKeyFile) && !settings.HasSetting(config.SocketCertificateFile) {`
`22`		`- if insecureSkipVerify {`
	`30`	`+ if allowSkipClientCerts {`
`23`	`31`	`tlsConfig = defaultTLSConfig()`
`24`		`- tlsConfig.InsecureSkipVerify = true`
	`32`	`+ tlsConfig.InsecureSkipVerify = insecureSkipVerify`
`25`	`33`	`}`
`26`	`34`	`return`
`27`	`35`	`}`