
enable require client cert

pull/3226/head
Konstantin Lebedev 3 years ago
parent
commit
b0aa51d7ef
  1. 6
      weed/security/tls.go

6
weed/security/tls.go

@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
RootOptions: advancedtls.RootCertificateOptions{ RootOptions: advancedtls.RootCertificateOptions{
RootProvider: serverRootProvider, RootProvider: serverRootProvider,
}, },
RequireClientCert: false,
RequireClientCert: true,
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) { VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName) glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
return &advancedtls.VerificationResults{}, nil return &advancedtls.VerificationResults{}, nil
}, },
VType: advancedtls.SkipVerification,
VType: advancedtls.CertVerification,
} }
ta, err := advancedtls.NewServerCreds(options) ta, err := advancedtls.NewServerCreds(options)
if err != nil { if err != nil {
@ -134,7 +134,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
RootOptions: advancedtls.RootCertificateOptions{ RootOptions: advancedtls.RootCertificateOptions{
RootProvider: clientRootProvider, RootProvider: clientRootProvider,
}, },
VType: advancedtls.SkipVerification,
VType: advancedtls.CertVerification,
} }
ta, err := advancedtls.NewClientCreds(options) ta, err := advancedtls.NewClientCreds(options)
if err != nil { if err != nil {
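Review bot: In the LoadClientTLS hunk, `VType: advancedtls.CertVerification` checks only that the server's chain leads to the configured root, not that the certificate matches the host being dialed, and no `VerifyPeer` callback is visible between `RootOptions` and `VType`. Any certificate issued under that root could then be presented as a server, possibly including the client certificates this commit makes mandatory, unless key-usage constraints exclude it. Prefer `VType: advancedtls.CertAndHostVerification`, or add a `VerifyPeer` that compares the leaf's names with the expected server name. The server-side callback in LoadServerTLS has the same gap: it only logs `params.Leaf.Subject.CommonName` and returns success, so the effective policy is "any certificate chained to the root", which deserves a comment above the callback if it is intended. Both functions begin and end outside the hunks shown, so a check elsewhere in them cannot be ruled out.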
