Merge pull request #67 from freakhill/master
support for client certificate
commit
57923e98c4
43
app/app.go
43
app/app.go
@ -2,6 +2,8 @@ package app
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
@ -46,6 +48,8 @@ type Options struct {
|
||||
EnableTLS bool `hcl:"enable_tls"`
|
||||
TLSCrtFile string `hcl:"tls_crt_file"`
|
||||
TLSKeyFile string `hcl:"tls_key_file"`
|
||||
VerifyClientCert bool `hcl:"verify_client_cert"`
|
||||
ClientCAs []string `hcl:"client_cas"`
|
||||
TitleFormat string `hcl:"title_format"`
|
||||
EnableReconnect bool `hcl:"enable_reconnect"`
|
||||
ReconnectTime int `hcl:"reconnect_time"`
|
||||
@ -67,6 +71,8 @@ var DefaultOptions = Options{
|
||||
EnableTLS: false,
|
||||
TLSCrtFile: "~/.gotty.crt",
|
||||
TLSKeyFile: "~/.gotty.key",
|
||||
VerifyClientCert: false,
|
||||
ClientCAs: []string{},
|
||||
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
|
||||
EnableReconnect: false,
|
||||
ReconnectTime: 10,
|
||||
@ -191,9 +197,44 @@ func (app *App) Run() error {
|
||||
}
|
||||
}
|
||||
|
||||
serverMaker := func() *http.Server {
|
||||
return &http.Server{
|
||||
Addr: endpoint,
|
||||
Handler: siteHandler}
|
||||
}
|
||||
if app.options.VerifyClientCert && app.options.EnableTLS {
|
||||
serverMaker = func() *http.Server {
|
||||
clientCaPool := x509.NewCertPool()
|
||||
for _, path := range app.options.ClientCAs {
|
||||
pem, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
log.Printf("Could not read pem file at: " + path)
|
||||
return nil
|
||||
}
|
||||
if clientCaPool.AppendCertsFromPEM(pem) {
|
||||
log.Printf("Could not parse pem file at: " + path)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return &http.Server{
|
||||
Addr: endpoint,
|
||||
Handler: siteHandler,
|
||||
TLSConfig: &tls.Config{
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
ClientCAs: clientCaPool,
|
||||
PreferServerCipherSuites: true}}
|
||||
}
|
||||
}
|
||||
|
||||
server := serverMaker()
|
||||
if server == nil {
|
||||
log.Printf("Failed to build server.")
|
||||
return errors.New("Failed to build server.")
|
||||
}
|
||||
|
||||
var err error
|
||||
app.server = manners.NewWithServer(
|
||||
&http.Server{Addr: endpoint, Handler: siteHandler},
|
||||
server,
|
||||
)
|
||||
if app.options.EnableTLS {
|
||||
crtFile := ExpandHomeDir(app.options.TLSCrtFile)
|
||||
|