Skip to content
Snippets Groups Projects
Commit d9c9cc26 authored by ale's avatar ale
Browse files

Require client certificates conditionally on the presence of a CA

parent b151964c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 12 additions and 7 deletions
serverutil/tls.go
+ 12
7
View file @ d9c9cc26
......@@ -110,21 +110,26 @@ func (c *TLSServerConfig) TLSConfig() (*tls.Config, error) {
return nil, err
}
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
// Set some TLS-level parameters (cipher-related), assuming
// we're using EC keys.
tlsConf := &tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: cas,
CipherSuites: serverCiphers,
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
}
// Require client certificates if a CA is specified.
if c.CA != "" {
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
tlsConf.ClientCAs = cas
}
tlsConf.BuildNameToCertificate()
return tlsConf, nil
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment