Use OutgoingTLSWrapper for HTTP checks

[coderanger]

Would be nice to (optionally?) support the same TLS verification logic for HTTPS service checks as is used for other TLS connections. Specifically this comes up when using either an IP or localhost for a service check, but the certificate has some real public hostname on it.

[ryanuber]

Agreed, having the option to require verification or not would be a useful feature. Tagged as an enhancement!

[jlandure]

👍

[cvvs]

I have a similar problem, but we have to validate certs created with our private CA which is a little different. However, because it was rather trivial to reuse the verify_outgoing config option to enable or disable TLS validation for the http check, even through it doesn't quite match up.

I'm running a slightly different version of this in a test environment at the moment, and plan to test this exact version as soon as I fix the NPE it creates.
https://github.com/cvvs/consul/commit/d46bca94e4b0237cae261e515065ae5dd0fdc40e

[slackpad]

I think #3364 gets pretty close to this (and checks can skip verify as well).