fix cert auth
This commit is contained in:
parent
d0c1dec64b
commit
2e2f2c29af
9
main.go
9
main.go
|
@ -155,12 +155,11 @@ func run() int {
|
|||
|
||||
mainLogger.Info("Starting proxy server...")
|
||||
if args.cert != "" {
|
||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile)
|
||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile, args.ciphers)
|
||||
if err1 != nil {
|
||||
mainLogger.Critical("TLS config construction failed: %v", err1)
|
||||
return 3
|
||||
}
|
||||
cfg.CipherSuites = makeCipherList(args.ciphers)
|
||||
server.TLSConfig = cfg
|
||||
err = server.ListenAndServeTLS("", "")
|
||||
} else if args.autocert {
|
||||
|
@ -180,7 +179,11 @@ func run() int {
|
|||
}()
|
||||
}
|
||||
cfg := m.TLSConfig()
|
||||
cfg.CipherSuites = makeCipherList(args.ciphers)
|
||||
cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers)
|
||||
if err != nil {
|
||||
mainLogger.Critical("TLS config construction failed: %v", err)
|
||||
return 3
|
||||
}
|
||||
server.TLSConfig = cfg
|
||||
err = server.ListenAndServeTLS("", "")
|
||||
} else {
|
||||
|
|
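Review bot: The two TLS branches now end in the same four-line check with the same "TLS config construction failed" message, one on `err1` and one on `err`; predeclaring `var cfg *tls.Config` in the cert branch and writing `cfg, err = makeServerTLSConfig(args.cert, args.key, args.cafile, args.ciphers)` would let both branches use the same variable and the same shape without shadowing the outer `err`. The autocert hunk is the actual "fix cert auth", but nothing at the call site says so; a one-line comment above it, `// apply the client-CA pool (cafile) and cipher list to the autocert-managed config as well`, would make the intent readable. The enclosing `run` starts before and continues after both hunks.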
20
utils.go
20
utils.go
|
@ -149,7 +149,7 @@ func copyBody(wr io.Writer, body io.Reader) {
|
|||
}
|
||||
}
|
||||
|
||||
func makeServerTLSConfig(certfile, keyfile, cafile string) (*tls.Config, error) {
|
||||
func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string) (*tls.Config, error) {
|
||||
var cfg tls.Config
|
||||
cert, err := tls.LoadX509KeyPair(certfile, keyfile)
|
||||
if err != nil {
|
||||
|
@ -168,9 +168,27 @@ func makeServerTLSConfig(certfile, keyfile, cafile string) (*tls.Config, error)
|
|||
cfg.ClientCAs = roots
|
||||
cfg.ClientAuth = tls.VerifyClientCertIfGiven
|
||||
}
|
||||
cfg.CipherSuites = makeCipherList(ciphers)
|
||||
return &cfg, nil
|
||||
}
|
||||
|
||||
func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string) (*tls.Config, error) {
|
||||
if cafile != "" {
|
||||
roots := x509.NewCertPool()
|
||||
certs, err := ioutil.ReadFile(cafile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ok := roots.AppendCertsFromPEM(certs); !ok {
|
||||
return nil, errors.New("Failed to load CA certificates")
|
||||
}
|
||||
cfg.ClientCAs = roots
|
||||
cfg.ClientAuth = tls.VerifyClientCertIfGiven
|
||||
}
|
||||
cfg.CipherSuites = makeCipherList(ciphers)
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
func makeCipherList(ciphers string) []uint16 {
|
||||
if ciphers == "" {
|
||||
return nil
|
||||
|
|
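Review bot: `updateServerTLSConfig` repeats the CA-pool loading, the `cfg.ClientCAs`/`cfg.ClientAuth` assignment and the `makeCipherList` call that `makeServerTLSConfig` still carries inline (the context lines at the top of this hunk plus the added `cfg.CipherSuites = makeCipherList(ciphers)`); once the key pair is loaded, `makeServerTLSConfig` can end with `return updateServerTLSConfig(&cfg, cafile, ciphers)` and drop its own copy, so the two TLS paths cannot drift apart. `tls.VerifyClientCertIfGiven` admits a client that presents no certificate even when a CA file is configured, so presumably something downstream inspects the peer chain; a doc comment on `updateServerTLSConfig` should say so, e.g. `// updateServerTLSConfig installs the optional client-CA pool and cipher list on cfg; certless clients are still accepted, callers must check the peer chain.` Minor: `errors.New("Failed to load CA certificates")` should be lowercase per Go convention, `ioutil.ReadFile` can be `os.ReadFile` if go.mod is at 1.16 or later, and a nil `cfg` panics at `cfg.ClientCAs`. The middle of `makeServerTLSConfig` and the body of `makeCipherList` lie outside the hunk.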