Commit 232cb4db authored by ale's avatar ale

Rename client backend tls config attr to just 'tls'

For uniformity with the serverutil package. Also, make error checking
on client TLS setup a bit stricter.
parent 39b1908a
......@@ -13,7 +13,7 @@ import (
// 'shard' parameter on their APIs.
type BackendConfig struct {
URL string `yaml:"url"`
TLSConfig *TLSClientConfig `yaml:"tls_config"`
TLSConfig *TLSClientConfig `yaml:"tls"`
Sharded bool `yaml:"sharded"`
Debug bool `yaml:"debug"`
}
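Review bot: The tag change on `TLSConfig` from `tls_config` to `tls` leaves nothing in place for configuration files that still use the old key. If the YAML decoder in use ignores unknown keys (not visible here), such a file would load with `TLSConfig` nil. Whether the backend then fails or is built without the client certificate and CA depends on code outside this hunk. Consider rejecting unknown keys when the configuration is decoded, or at least record the rename on the field, e.g. `// TLSConfig is read from the 'tls' key (formerly 'tls_config'); the old key is not accepted.`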
......
......@@ -2,6 +2,7 @@ package clientutil
import (
"crypto/tls"
"errors"
common "git.autistici.org/ai3/go-common"
)
......@@ -16,6 +17,10 @@ type TLSClientConfig struct {
// TLSConfig returns a tls.Config object with the current configuration.
func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
if c.Cert == "" || c.Key == "" || c.CA == "" {
return nil, errors.New("incomplete client tls specification")
}
cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
if err != nil {
return nil, err
......@@ -24,13 +29,11 @@ func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
Certificates: []tls.Certificate{cert},
}
if c.CA != "" {
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
tlsConf.RootCAs = cas
cas, err := common.LoadCA(c.CA)
if err != nil {
return nil, err
}
tlsConf.RootCAs = cas
tlsConf.BuildNameToCertificate()
return tlsConf, nil
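Review bot: The new guard at the top of `TLSConfig()` returns the same `incomplete client tls specification` error whichever of `Cert`, `Key` or `CA` is empty, and the doc comment above it does not say that all three are now required. Stating the requirement in both places makes a misconfigured client quicker to diagnose, e.g. `return nil, errors.New("incomplete client tls specification: cert, key and ca must all be set")` and `// TLSConfig returns a client tls.Config; Cert, Key and CA must all be set.` The guard also dereferences `c`, so a nil `*TLSClientConfig` would panic here unless callers check first, which is not visible (the `BackendConfig.TLSConfig` field is a pointer). The function body continues between and after the hunks shown.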
......
......@@ -2,6 +2,7 @@ package common
import (
"crypto/x509"
"fmt"
"io/ioutil"
)
......@@ -12,6 +13,8 @@ func LoadCA(path string) (*x509.CertPool, error) {
return nil, err
}
cas := x509.NewCertPool()
cas.AppendCertsFromPEM(data)
if !cas.AppendCertsFromPEM(data) {
return nil, fmt.Errorf("no certificates could be parsed in %s", path)
}
return cas, nil
}
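Review bot: The added check on `cas.AppendCertsFromPEM(data)` only fails when no certificate at all could be parsed, because that method reports true as soon as one block parses. A bundle with a truncated or corrupted entry therefore still loads, with a smaller pool than the operator configured, and the problem surfaces later as handshake failures rather than at load time. If a partially valid bundle should be rejected, decode the blocks one by one and fail on the first certificate that does not parse, as sketched below (this needs `encoding/pem` in the import block). `LoadCA` starts above the hunk, so the file read is not shown.

```go
// … unchanged: read data from path …
cas := x509.NewCertPool()
n := 0
for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
	if block.Type != "CERTIFICATE" {
		continue
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("invalid certificate in %s: %v", path, err)
	}
	cas.AddCert(cert)
	n++
}
if n == 0 {
	return nil, fmt.Errorf("no certificates could be parsed in %s", path)
}
return cas, nil
```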