Diffstat (limited to 'src/consul.rs')
-rw-r--r-- | src/consul.rs | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/src/consul.rs b/src/consul.rs
index cba435a..13b99d8 100644
--- a/src/consul.rs
+++ b/src/consul.rs
@@ -11,6 +11,7 @@ use serde::{Deserialize, Serialize};
 pub struct ConsulConfig {
 pub addr: String,
 pub ca_cert: Option<String>,
+ pub tls_skip_verify: bool,
 pub client_cert: Option<String>,
 pub client_key: Option<String>,
 }
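Review bot: The new `tls_skip_verify` field on `ConsulConfig` has no doc comment, so nothing at the declaration says that it turns off verification of the Consul server certificate. A line such as `/// Disables verification of the Consul server's TLS certificate; the server is then unauthenticated. Defaults to false.` above the field would make that visible to whoever edits the config. If the struct derives `Deserialize` (the derive is outside the hunk, so this is inferred from the `use serde` line), a plain `bool` also becomes a required key in existing configuration files. Adding `#[serde(default)]` on the field would keep those files loading and leave verification on unless someone opts out.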
@@ -88,26 +89,41 @@ pub struct Consul {
 impl Consul {
 pub fn new(config: ConsulConfig, kv_prefix: &str, local_node: &str) -> Result<Self> {
- let client = match (&config.ca_cert, &config.client_cert, &config.client_key) {
- (Some(ca_cert), Some(client_cert), Some(client_key)) => {
- let mut ca_cert_buf = vec![];
- File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
-
+ let client = match (&config.client_cert, &config.client_key) {
+ (Some(client_cert), Some(client_key)) => {
 let mut client_cert_buf = vec![];
 File::open(client_cert)?.read_to_end(&mut client_cert_buf)?;
 let mut client_key_buf = vec![];
 File::open(client_key)?.read_to_end(&mut client_key_buf)?;
- reqwest::Client::builder()
- .use_rustls_tls()
- .add_root_certificate(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
- .identity(reqwest::Identity::from_pem(
- &[&client_cert_buf[..], &client_key_buf[..]].concat()[..],
- )?)
- .build()?
+ let identity = reqwest::Identity::from_pem(
+ &[&client_cert_buf[..], &client_key_buf[..]].concat()[..],
+ )?;
+
+ if config.tls_skip_verify {
+ reqwest::Client::builder()
+ .use_rustls_tls()
+ .danger_accept_invalid_certs(true)
+ .identity(identity)
+ .build()?
+ } else if let Some(ca_cert) = &config.ca_cert {
+ let mut ca_cert_buf = vec![];
+ File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
+
+ reqwest::Client::builder()
+ .use_rustls_tls()
+ .add_root_certificate(reqwest::Certificate::from_pem(&ca_cert_buf[..])?)
+ .identity(identity)
+ .build()?
+ } else {
+ reqwest::Client::builder()
+ .use_rustls_tls()
+ .identity(identity)
+ .build()?
+ }
 }
- (None, None, None) => reqwest::Client::new(),
+ (None, None) => reqwest::Client::new(),
 _ => bail!("Incomplete Consul TLS configuration parameters"),
 }; |
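Review bot: In the `if config.tls_skip_verify` branch, `danger_accept_invalid_certs(true)` is applied even when `ca_cert` is also set, so a configured CA is dropped without any error. The client identity is then presented to a server that has not been authenticated. Rejecting that combination with `bail!` and building the client from one shared builder would make the precedence explicit and remove the three near-identical builder chains. Separately, the `(None, None)` arm still returns `reqwest::Client::new()`, so `ca_cert` or `tls_skip_verify` set without a client certificate is now ignored, where the old match rejected a lone `ca_cert` as incomplete. The body of `Consul::new` continues past the end of the hunk.

```rust
// … unchanged: client_cert / client_key reads and `identity` construction …
let mut builder = reqwest::Client::builder()
    .use_rustls_tls()
    .identity(identity);

match (config.tls_skip_verify, &config.ca_cert) {
    (true, Some(_)) => bail!("tls_skip_verify and ca_cert are mutually exclusive"),
    // Verification is off on this path: the Consul server is not authenticated.
    (true, None) => builder = builder.danger_accept_invalid_certs(true),
    (false, Some(ca_cert)) => {
        let mut ca_cert_buf = vec![];
        File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?;
        builder = builder
            .add_root_certificate(reqwest::Certificate::from_pem(&ca_cert_buf[..])?);
    }
    (false, None) => {}
}

builder.build()?
```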