authorChris Lu <chrislusf@users.noreply.github.com>2022-03-16 09:40:51 -0700
committerGitHub <noreply@github.com>2022-03-16 09:40:51 -0700
commit2aa9d9f84ac466e348821066f6332a8a5b777d47 (patch)
tree416bd650c36851ed7603c74bc86308a24f214221 /weed/security/tls.go
parentb5b97a4799e1929bb22d816aca450ea18f7ec08e (diff)
parent9b14f0c81a9348ccb8a79ffcf9cdbc7033d00fac (diff)
Merge pull request #2760 from bercknash/berck/mtls
Diffstat (limited to 'weed/security/tls.go')
-rw-r--r--weed/security/tls.go18
1 files changed, 18 insertions, 0 deletions
diff --git a/weed/security/tls.go b/weed/security/tls.go
index 2f01af1e7..79552c026 100644
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -4,6 +4,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
+ "io/ioutil"
"os"
"strings"
@@ -98,6 +99,23 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
return grpc.WithTransportCredentials(ta)
}
+func LoadClientTLSHTTP(clientCertFile string) *tls.Config {
+ clientCerts, err := ioutil.ReadFile(clientCertFile)
+ if err != nil {
+ glog.Fatal(err)
+ }
+ certPool := x509.NewCertPool()
+ ok := certPool.AppendCertsFromPEM(clientCerts)
+ if !ok {
+ glog.Fatalf("Error processing client certificate in %s\n", clientCertFile)
+ }
+
+ return &tls.Config{
+ ClientCAs: certPool,
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ }
+}
+
func (a Authenticator) Authenticate(ctx context.Context) (newCtx context.Context, err error) {
p, ok := peer.FromContext(ctx)
if !ok {
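Review bot: In `LoadClientTLSHTTP` the PEM file is loaded into `ClientCAs`, so every certificate in it becomes a trust anchor and any client certificate chaining to one of them is accepted, while the parameter name `clientCertFile` and the message "Error processing client certificate" read as if a single leaf certificate were expected. A doc comment would make the contract explicit, for example `// LoadClientTLSHTTP returns a server-side tls.Config that requires client certificates issued by a CA listed in clientCertFile.` The returned config sets no `MinVersion`, so the protocol floor is left to the toolchain default; `MinVersion: tls.VersionTLS12,` would pin it. Nothing visible in this hunk restricts which verified identities are allowed beyond chain validation, so the CA file should be scoped narrowly, and `AppendCertsFromPEM` reports success as soon as one certificate parses, so a partly malformed bundle loads without complaint. `ioutil.ReadFile` could be `os.ReadFile`, since `os` is already in the import block, which would make the import added in the first hunk unnecessary.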