Support skipping TLS verification client side

app/commands.go

@@ -160,6 +160,7 @@ func bindFlags(f *pflag.FlagSet, flags *flags, w io.Writer) {
 	f.BoolVar(&flags.common.web, "web", false, "use gRPC-Web protocol")
 	f.BoolVarP(&flags.common.reflection, "reflection", "r", false, "use gRPC reflection")
 	f.BoolVarP(&flags.common.tls, "tls", "t", false, "use a secure TLS connection")
+	f.BoolVarP(&flags.common.tlsInsecure, "tlsinsecure", "", false, "skip TLS validation")
 	f.StringVar(&flags.common.cacert, "cacert", "", "the CA certificate file for verifying the server")
 	f.StringVar(
 		&flags.common.cert,

app/flag.go

@@ -10,8 +10,9 @@ import (
 	"github.com/pkg/errors"
 )
 
-//nolint:maligned
 // flags defines available command line flags.
+//
+//nolint:maligned
 type flags struct {
 	mode struct {
 		repl bool
@@ -28,20 +29,21 @@ type flags struct {
 	}
 
 	common struct {
-		pkg        string
-		service    string
-		path       []string
-		proto      []string
-		host       string
-		port       string
-		header     map[string][]string
-		web        bool
-		reflection bool
-		tls        bool
-		cacert     string
-		cert       string
-		certKey    string
-		serverName string
+		pkg         string
+		service     string
+		path        []string
+		proto       []string
+		host        string
+		port        string
+		header      map[string][]string
+		web         bool
+		reflection  bool
+		tls         bool
+		tlsInsecure bool
+		cacert      string
+		cert        string
+		certKey     string
+		serverName  string
 	}
 
 	meta struct {

config/config.go

@@ -26,11 +26,12 @@ var (
 )
 
 type Server struct {
-	Host       string `toml:"host"`
-	Port       string `toml:"port"`
-	Reflection bool   `toml:"reflection"`
-	TLS        bool   `toml:"tls"`
-	Name       string `toml:"name"`
+	Host        string `toml:"host"`
+	Port        string `toml:"port"`
+	Reflection  bool   `toml:"reflection"`
+	TLS         bool   `toml:"tls"`
+	TLSInsecure bool   `toml:"tlsInsecure"`
+	Name        string `toml:"name"`
 }
 
 type Header map[string][]string
@@ -158,6 +159,7 @@ func newDefaultViper() *viper.Viper {
 	v.SetDefault("server.port", "50051")
 	v.SetDefault("server.reflection", false)
 	v.SetDefault("server.tls", false)
+	v.SetDefault("server.tlsInsecure", false)
 	v.SetDefault("server.name", "")
 
 	v.SetDefault("log.prefix", "evans: ")
@@ -183,6 +185,7 @@ func bindFlags(vp *viper.Viper, fs *pflag.FlagSet) {
 		"server.port":         "port",
 		"server.reflection":   "reflection",
 		"server.tls":          "tls",
+		"server.tlsInsecure":  "tlsinsecure",
 		"server.name":         "servername",
 		"request.header":      "header",
 		"request.web":         "web",

grpc/grpc.go

@@ -115,7 +115,7 @@ type client struct {
 // The set of cert and certKey enables mutual authentication if useTLS is enabled.
 // If one of it is not found, NewClient returns ErrMutualAuthParamsAreNotEnough.
 // If useTLS is false, cacert, cert and certKey are ignored.
-func NewClient(addr, serverName string, useReflection, useTLS bool, cacert, cert, certKey string, headers map[string][]string) (Client, error) {
+func NewClient(addr, serverName string, useReflection, useTLS, useInsecureTLS bool, cacert, cert, certKey string, headers map[string][]string) (Client, error) {
 	var opts []grpc.DialOption
 	if !useTLS {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -150,6 +150,14 @@ func NewClient(addr, serverName string, useReflection, useTLS bool, cacert, cert
 			opts = append(opts, grpc.WithAuthority(serverName))
 		}
 	}
+	if useInsecureTLS {
+		tlsCfg := tls.Config{
+			InsecureSkipVerify: true,
+		}
+		creds := credentials.NewTLS(&tlsCfg)
+		opts = append(opts, grpc.WithTransportCredentials(creds))
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), 7*time.Second)
 	defer cancel()
 	conn, err := grpc.DialContext(ctx, addr, opts...)

mode/common.go

@@ -23,6 +23,7 @@ func newGRPCClient(cfg *config.Config) (grpc.Client, error) {
 		cfg.Server.Name,
 		cfg.Server.Reflection,
 		cfg.Server.TLS,
+		cfg.Server.TLSInsecure,
 		cfg.Request.CACertFile,
 		cfg.Request.CertFile,
 		cfg.Request.CertKeyFile,