commit 8535cb5bc5437960430ff94d3ea7280ccf931340
author Serge Bazanski <serge@monogon.tech> Wed Mar 29 14:15:08 2023 +0200
committer Serge Bazanski <serge@monogon.tech> Wed Mar 29 17:18:22 2023 +0000
tree 57edb5cf064ad8b43aef52c1bbb974dd5cce7c26
parent 30fd15406e2c9cba7391f6af96c775b313a115fa

m/n/core/rpc: implement node verification in authenticated connections

The current API of NewAuthenticatedCredentials is not easily extensible,
so switch over to such an API now.

This then adds a WantRemoteNode option which verifies that the remote
connection is established to a node with a given ID.

Change-Id: Ie9f6b33d8b032729181bae5591eba9856ea2f523
Reviewed-on: https://review.monogon.dev/c/monogon/+/1427
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

metropolis/cli/metroctl/core/rpc.go

diff --git a/metropolis/cli/metroctl/core/rpc.go b/metropolis/cli/metroctl/core/rpc.go
index 8d7565f..00f1f01 100644
--- a/metropolis/cli/metroctl/core/rpc.go
+++ b/metropolis/cli/metroctl/core/rpc.go
@@ -58,7 +58,7 @@
 			Certificate: [][]byte{ocert.Raw},
 			PrivateKey:  opkey,
 		}
-		creds := rpc.NewAuthenticatedCredentials(tlsc, nil)
+		creds := rpc.NewAuthenticatedCredentials(tlsc, rpc.WantInsecure())
 		dialOpts = append(dialOpts, grpc.WithTransportCredentials(creds))
 	}