Add ability to disable mTLS

[virtualzone]

Description

This PR adds support for disabling mTLS/TLS. This allows for running fleet telemetry behind a trusted proxy in a secure network which takes care of mTLS handling. mTLS can be disabled in the config by setting disable_tls to true. By default, this value is not set (= false), resulting in the same behaviour as before and ensuring a secure configuration.

Fixes #171

Type of change

Please select all options that apply to this change:

• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Bug fix (non-breaking change which fixes an issue)
• Documentation update

Checklist:

Confirm you have completed the following steps:

• My code follows the style of this project.
• I have performed a self-review of my code.
• I have made corresponding updates to the documentation.
• I have added/updated unit tests to cover my changes.
• I have added/updated integration tests to cover my changes.

[patrickdemers6]

Sorry for the late review.

Has this been tested? I don't see how it would work as is. The vehicle connection handler uses the TLS cert to identify a device. With this change, wouldn't that be unavailable?

Reviewing this from a code perspective... will need opinion for @sethterashima for security.

[patrickdemers6]

Move this up, no point in extracting TLSConfig if not going to use it.

[patrickdemers6]

which takes care of mTLS handling => which handles mTLS

[patrickdemers6]

Don't enter this code path at all if TLS disabled?

[patrickdemers6]

imo no need for this example file since disable_tls is the only option that has changed from the base example.

[patrickdemers6]

comment incorrect now

[netdata-be]

@virtualzone can you update your code with main ?

[klurpicolo]

Hi Tesla team,
I’m requesting a similar feature. I’ve forked your repository and submitted part of the code in this pull request. #279