
comma-separated SSL certificate common names

pull/1872/head
Konstantin Lebedev 4 years ago
parent
commit
0e02f7e258
  1. 8
      docker/compose/tls.env
  2. 3
      weed/security/tls.go

8
docker/compose/tls.env

@ -7,7 +7,7 @@ WEED_GRPC_FILER_CERT=/etc/seaweedfs/tls/filer01.crt
WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key
WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt
WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key
WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"

3
weed/security/tls.go

@ -10,6 +10,7 @@ import (
"google.golang.org/grpc/peer" "google.golang.org/grpc/peer"
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"io/ioutil" "io/ioutil"
"strings"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
@ -48,7 +49,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
}) })
permitCommonNames := config.GetStringSlice(component + ".allowed_commonNames")
permitCommonNames := strings.Split(config.GetString(component+".allowed_commonNames"), ",")
if len(permitCommonNames) > 0 { if len(permitCommonNames) > 0 {
permitCommonNamesMap := make(map[string]bool) permitCommonNamesMap := make(map[string]bool)
for _, s := range permitCommonNames { for _, s := range permitCommonNames {
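Review bot: In LoadServerTLS, `strings.Split(config.GetString(component+".allowed_commonNames"), ",")` never returns an empty slice: for an unset or empty setting it yields `[""]`, so the `len(permitCommonNames) > 0` guard on the next line is now always true and the branch that builds the allow-list presumably runs even when no names were configured. Entries are also taken verbatim, so `"a, b"` stores `" b"`, a trailing comma stores an empty name in the allow-list, and an old space-separated value becomes one long name that matches no certificate. I would trim each entry and drop empty ones before the length check, as below, and note the format change where the setting is documented. The rest of the function, including how the map is consumed, is outside this hunk.

```go
// … unchanged: TLS credentials setup …
var permitCommonNames []string
for _, name := range strings.Split(config.GetString(component+".allowed_commonNames"), ",") {
	// Skip blanks so an unset key or a trailing comma never adds "" to the allow-list.
	if name = strings.TrimSpace(name); name != "" {
		permitCommonNames = append(permitCommonNames, name)
	}
}
if len(permitCommonNames) > 0 {
// … unchanged: allow-list map construction …
```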
