TLS instead mTLS (validate server certificates only)

go-graphite / carbon-clickhouse

Graphite metrics receiver with ClickHouse as storage

MIT License

187 stars 47 forks source link

TLS instead mTLS (validate server certificates only) #133

Closed zostrich closed 11 months ago

zostrich commented 11 months ago

Hello! Unfortunately, in our installation, the option with mTLS is not very suitable. :-( Is it possible to validate server certificates only?

Civil commented 11 months ago

I'm not sure if anyone tried that, but based on the code: https://github.com/go-graphite/carbon-clickhouse/blob/66e33f862d2b27dfa5e191b205693727979401bd/helper/config/tls.go#L28-L39

You should be able to achive that by just skipping all the client certification part (basically don't fill ClientAuth)

zostrich commented 11 months ago

I'm not sure if anyone tried that, but based on the code:

https://github.com/go-graphite/carbon-clickhouse/blob/66e33f862d2b27dfa5e191b205693727979401bd/helper/config/tls.go#L28-L39

You should be able to achive that by just skipping all the client certification part (basically don't fill ClientAuth)

client-auth = "" works!)