Commit 232cb4db authored by ale's avatar ale

Rename client backend tls config attr to just 'tls'

For uniformity with the serverutil package. Also, make error checking
on client TLS setup a bit stricter.
parent 39b1908a
......@@ -13,7 +13,7 @@ import (
// 'shard' parameter on their APIs.
type BackendConfig struct {
URL string `yaml:"url"`
TLSConfig *TLSClientConfig `yaml:"tls_config"`
TLSConfig *TLSClientConfig `yaml:"tls"`
Sharded bool `yaml:"sharded"`
Debug bool `yaml:"debug"`
}
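Review bot: Changing the YAML key on `TLSConfig` from `tls_config` to `tls` means a deployed config that still uses the old key no longer populates this field, and since it is a pointer it would simply be nil. If the YAML decoder is not in strict mode (not visible here), that happens without any error, and whether the client then connects without its client certificate and CA depends on code outside this hunk. I would record the rename on the field, e.g. `// TLSConfig is read from the 'tls' key (formerly 'tls_config'); the old key is no longer recognized.`, and confirm that callers treat a nil TLSConfig on an https URL as an error rather than a fallback.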
......@@ -2,6 +2,7 @@ package clientutil
import (
"crypto/tls"
"errors"
common "git.autistici.org/ai3/go-common"
)
......@@ -16,6 +17,10 @@ type TLSClientConfig struct {
// TLSConfig returns a tls.Config object with the current configuration.
func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
if c.Cert == "" || c.Key == "" || c.CA == "" {
return nil, errors.New("incomplete client tls specification")
}
cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
if err != nil {
return nil, err
......@@ -24,13 +29,11 @@ func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
Certificates: []tls.Certificate{cert},
}
if c.CA != "" {
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
tlsConf.RootCAs = cas
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
tlsConf.RootCAs = cas
tlsConf.BuildNameToCertificate()
return tlsConf, nil
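Review bot: The `tls.Config` assembled in TLSConfig sets only `Certificates` and `RootCAs` as far as these hunks show (the literal's opening line falls between hunks), so the minimum protocol version is left to the toolchain default, which for clients on Go releases before 1.18 still allows TLS 1.0 and 1.1. Since this commit is already tightening client TLS setup, pinning the version in the literal would fit: `MinVersion: tls.VersionTLS12,`. Separately, the new guard's message `incomplete client tls specification` does not say which of cert, key or ca is empty; naming the missing field would make a misconfiguration quicker to diagnose.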
......@@ -2,6 +2,7 @@ package common
import (
"crypto/x509"
"fmt"
"io/ioutil"
)
......@@ -12,6 +13,8 @@ func LoadCA(path string) (*x509.CertPool, error) {
return nil, err
}
cas := x509.NewCertPool()
cas.AppendCertsFromPEM(data)
if !cas.AppendCertsFromPEM(data) {
return nil, fmt.Errorf("no certificates could be parsed in %s", path)
}
return cas, nil
}
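Review bot: The new check on `AppendCertsFromPEM` only rejects a file from which nothing parses; the call reports true as soon as one certificate is accepted, so a bundle with a truncated or malformed entry still loads, with fewer roots and no error. That errs on the side of less trust, but the resulting verification failures are hard to trace back to the bundle, so the behaviour belongs in LoadCA's doc comment (its start is outside this hunk), e.g. `// LoadCA fails only if no certificate in the file parses; entries that do not parse are skipped silently.` Using `%q` instead of `%s` for `path` in the error would also make an empty or unusual path visible.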