fix(cert): skip secure verify still parse cert

Signed-off-by: Jiyong Huang <huangjy@emqx.io>
lf-edge · Dec 19, 2024 · 0d45ac1 · 0d45ac1
1 parent e9e1e51
commit 0d45ac1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 11 deletions.
diff --git a/pkg/cert/cert.go b/pkg/cert/cert.go
@@ -1,4 +1,4 @@
-// Copyright 2023 EMQ Technologies Co., Ltd.
+// Copyright 2023-2024 EMQ Technologies Co., Ltd.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -170,10 +170,6 @@ func GenerateTLSForClient(
 		Renegotiation:      getRenegotiationSupport(Opts.RenegotiationSupport),
 		MinVersion:         getTLSMinVersion(Opts.TLSMinVersion),
 	}
-	if tlsConfig.InsecureSkipVerify {
-		return tlsConfig, nil
-	}
-
 	if !isCertDefined(Opts) {
 		tlsConfig.Certificates = nil
 	} else {

diff --git a/pkg/cert/cert_test.go b/pkg/cert/cert_test.go
@@ -1,3 +1,17 @@
+// Copyright 2024 EMQ Technologies Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cert
 
 import (
@@ -175,12 +189,8 @@ func TestGenerateTLSForClient(t *testing.T) {
 					TLSMinVersion:        "",
 				},
 			},
-			want: &tls.Config{
-				InsecureSkipVerify: true,
-				MinVersion:         tls.VersionTLS12,
-				Renegotiation:      tls.RenegotiateNever,
-			},
-			wantErr: false,
+			want:    nil,
+			wantErr: true,
 		},
 	}
 	for _, tt := range tests {