diff --git a/cmd/up.go b/cmd/up.go
index 3939086ba..5c7138f9e 100644
--- a/cmd/up.go
+++ b/cmd/up.go
@@ -28,8 +28,10 @@ var (
 os.Exit(ExitSetupFailed)
 }

+ var sigTLSEnabled = false
+
 ctx := context.Background()
- signalClient, err := sig.NewClient(ctx, config.SignalAddr, myKey)
+ signalClient, err := sig.NewClient(ctx, config.SignalAddr, myKey, sigTLSEnabled)
 if err != nil {
 log.Errorf("error while connecting to the Signal Exchange Service %s: %s", config.SignalAddr, err)
 os.Exit(ExitSetupFailed)
diff --git a/connection/engine_test.go b/connection/engine_test.go
index 07c39da83..d0268d495 100644
--- a/connection/engine_test.go
+++ b/connection/engine_test.go
@@ -39,7 +39,9 @@ func Test_Start(t *testing.T) {

 iFaceBlackList := make(map[string]struct{})

- signalClient, err := sig.NewClient(ctx, "signal.wiretrustee.com:10000", testKey)
+ var sigTLSEnabled = false
+
+ signalClient, err := sig.NewClient(ctx, "signal.wiretrustee.com:10000", testKey, sigTLSEnabled)
 if err != nil {
 t.Fatal(err)
 }
diff --git a/signal/client.go b/signal/client.go
index bedcaaaf3..40b732386 100644
--- a/signal/client.go
+++ b/signal/client.go
@@ -2,6 +2,7 @@ package signal

 import (
 "context"
+ "crypto/tls"
 "fmt"
 "github.com/cenkalti/backoff/v4"
 log "github.com/sirupsen/logrus"
@@ -10,6 +11,7 @@ import (
 "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/keepalive"
 "google.golang.org/grpc/metadata"
 "google.golang.org/grpc/status"
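Review bot: `var sigTLSEnabled = false` in the cmd/up.go hunk is a literal, so the TLS branch this commit adds to `NewClient` cannot be reached from the `up` command and the Signal Exchange connection stays plaintext gRPC for every user. The value should come from the loaded configuration or a command flag, next to `config.SignalAddr`. Until that exists I would at least mark the line with `// TODO: take from config; false means the Signal channel is unencrypted and the server is not authenticated`. The hunks in connection/engine_test.go and signal/signal_test.go hard-code the same `false`, so no test exercises `tlsEnabled == true` either. The enclosing block in cmd/up.go starts and ends outside the hunk.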
@@ -38,12 +40,18 @@ func (c *Client) Close() error {
 }

 // NewClient creates a new Signal client
-func NewClient(ctx context.Context, addr string, key wgtypes.Key) (*Client, error) {
+func NewClient(ctx context.Context, addr string, key wgtypes.Key, tlsEnabled bool) (*Client, error) {
+
+ transportOption := grpc.WithInsecure()
+
+ if tlsEnabled {
+ transportOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
+ }

 conn, err := grpc.DialContext(
 ctx,
 addr,
- grpc.WithInsecure(),
+ transportOption,
 grpc.WithBlock(),
 grpc.WithKeepaliveParams(keepalive.ClientParameters{
 Time: 3 * time.Second,
diff --git a/signal/signal_test.go b/signal/signal_test.go
index b43bba129..057408db7 100644
--- a/signal/signal_test.go
+++ b/signal/signal_test.go
@@ -144,7 +144,8 @@ var _ = Describe("Client", func() {
 })

 func createSignalClient(addr string, key wgtypes.Key) *signal.Client {
- client, err := signal.NewClient(context.Background(), addr, key)
+ var sigTLSEnabled = false
+ client, err := signal.NewClient(context.Background(), addr, key, sigTLSEnabled)
 if err != nil {
 Fail("failed creating signal client")
 }
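Review bot: When `tlsEnabled` is false, `NewClient` in signal/client.go falls back to `grpc.WithInsecure()` without logging anything, so a deployment that runs over unauthenticated plaintext looks the same in the logs as a secured one. I would log the fallback where `transportOption` is first assigned, for example `log.Warnf("signal connection to %s is not using TLS", addr)`. In the TLS branch the empty `&tls.Config{}` keeps certificate verification on, which is right, but the protocol floor then depends on the toolchain default. Setting it explicitly with `&tls.Config{MinVersion: tls.VersionTLS12}` makes the intent visible. The doc comment should also say what the new parameter does, e.g. `// NewClient creates a new Signal client; tlsEnabled selects TLS transport credentials, otherwise the connection is plaintext.` The body of `NewClient` continues past the end of the hunk.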