From 8a2f93a102ce3d764d488f378b79a5780e97c0be Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Fri, 7 Oct 2016 16:19:42 +0200
Subject: [PATCH] *: allow use of mesh encryption through password parameter

---
 cmd/alertmanager/main.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/cmd/alertmanager/main.go b/cmd/alertmanager/main.go
index ea7218a1..ce1879af 100644
--- a/cmd/alertmanager/main.go
+++ b/cmd/alertmanager/main.go
@@ -84,6 +84,7 @@ func main() {
 		meshListen = flag.String("mesh.listen-address", net.JoinHostPort("0.0.0.0", strconv.Itoa(mesh.Port)), "mesh listen address")
 		hwaddr     = flag.String("mesh.hardware-address", mustHardwareAddr(), "MAC address, i.e. mesh peer ID")
 		nickname   = flag.String("mesh.nickname", mustHostname(), "peer nickname")
+		password   = flag.String("mesh.password", "", "password to join the peer network (empty password disables encryption)")
 	)
 	flag.Var(peers, "mesh.peer", "initial peers (may be repeated)")
 	flag.Parse()
@@ -106,7 +107,7 @@ func main() {
 	}
 
 	logger := log.NewLogger(os.Stderr)
-	mrouter := initMesh(*meshListen, *hwaddr, *nickname)
+	mrouter := initMesh(*meshListen, *hwaddr, *nickname, *password)
 
 	stopc := make(chan struct{})
 	var wg sync.WaitGroup
@@ -303,7 +304,7 @@ func meshWait(r *mesh.Router, timeout time.Duration) func() time.Duration {
 	}
 }
 
-func initMesh(addr, hwaddr, nickname string) *mesh.Router {
+func initMesh(addr, hwaddr, nickname, pw string) *mesh.Router {
 	host, portStr, err := net.SplitHostPort(addr)
 
 	if err != nil {
@@ -319,11 +320,18 @@ func initMesh(addr, hwaddr, nickname string) *mesh.Router {
 		log.Fatalf("invalid hardware address %q: %v", hwaddr, err)
 	}
 
+	password := []byte(pw)
+	if len(password) == 0 {
+		// Emtpy password is used to disable secure communication. Using a nil
+		// password disables encryption in mesh.
+		password = nil
+	}
+
 	return mesh.NewRouter(mesh.Config{
 		Host:               host,
 		Port:               port,
 		ProtocolMinVersion: mesh.ProtocolMinVersion,
-		Password:           []byte(""),
+		Password:           password,
 		ConnLimit:          64,
 		PeerDiscovery:      true,
 		TrustedSubnets:     []*net.IPNet{},