diff options
| author | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2022-06-24 00:29:23 +0500 |
|---|---|---|
| committer | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2022-06-24 00:29:23 +0500 |
| commit | b0aa51d7ef6e4f1d0c52d107bf2c5c125fdb2214 (patch) | |
| tree | 861b187466e3c0cecb59f575cee0782d720354ce /weed/security/tls.go | |
| parent | ea7cdb8b0ede4253396838f9736c3f6e4fac2e35 (diff) | |
| download | seaweedfs-b0aa51d7ef6e4f1d0c52d107bf2c5c125fdb2214.tar.xz seaweedfs-b0aa51d7ef6e4f1d0c52d107bf2c5c125fdb2214.zip | |
enable require client cert
Diffstat (limited to 'weed/security/tls.go')
| -rw-r--r-- | weed/security/tls.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/weed/security/tls.go b/weed/security/tls.go index 99df9b9c3..a26f64b42 100644 --- a/weed/security/tls.go +++ b/weed/security/tls.go @@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption RootOptions: advancedtls.RootCertificateOptions{ RootProvider: serverRootProvider, }, - RequireClientCert: false, + RequireClientCert: true, VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) { glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName) return &advancedtls.VerificationResults{}, nil }, - VType: advancedtls.SkipVerification, + VType: advancedtls.CertVerification, } ta, err := advancedtls.NewServerCreds(options) if err != nil { @@ -134,7 +134,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption { RootOptions: advancedtls.RootCertificateOptions{ RootProvider: clientRootProvider, }, - VType: advancedtls.SkipVerification, + VType: advancedtls.CertVerification, } ta, err := advancedtls.NewClientCreds(options) if err != nil { |