authorchrislu <chris.lu@gmail.com>2024-06-22 08:30:16 -0700
committerchrislu <chris.lu@gmail.com>2024-06-22 08:30:16 -0700
commit622448b99336ba6ab9e92f1a49f020a7f8d597bd (patch)
tree6de8e455c99446c0dbff90e808177b34e99f6c01 /weed/security/tls.go
parent610d397f76a372a1c5faa5fadfbf9eb8ff2dad1f (diff)
update advancedtls
Diffstat (limited to 'weed/security/tls.go')
-rw-r--r--weed/security/tls.go26
1 files changed, 13 insertions, 13 deletions
diff --git a/weed/security/tls.go b/weed/security/tls.go
index ae6510219..977234ee0 100644
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -54,7 +54,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
}
// Start a server and create a client using advancedtls API with Provider.
- options := &advancedtls.ServerOptions{
+ options := &advancedtls.Options{
IdentityOptions: advancedtls.IdentityCertificateOptions{
IdentityProvider: serverIdentityProvider,
},
@@ -62,7 +62,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
RootProvider: serverRootProvider,
},
RequireClientCert: true,
- VType: advancedtls.CertVerification,
+ VerificationType: advancedtls.CertVerification,
}
allowedCommonNames := config.GetString(component + ".allowed_commonNames")
allowedWildcardDomain := config.GetString("grpc.allowed_wildcard_domain")
@@ -75,10 +75,10 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
AllowedCommonNames: allowedCommonNamesMap,
AllowedWildcardDomain: allowedWildcardDomain,
}
- options.VerifyPeer = auther.Authenticate
+ options.AdditionalPeerVerification = auther.Authenticate
} else {
- options.VerifyPeer = func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
- return &advancedtls.VerificationResults{}, nil
+ options.AdditionalPeerVerification = func(params *advancedtls.HandshakeVerificationInfo) (*advancedtls.PostHandshakeVerificationResults, error) {
+ return &advancedtls.PostHandshakeVerificationResults{}, nil
}
}
ta, err := advancedtls.NewServerCreds(options)
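Review bot: The `else` branch now assigns `options.AdditionalPeerVerification` a closure that returns an empty `PostHandshakeVerificationResults` without inspecting `params`, and nothing in the hunk records that this is deliberate; under the new field name a reader may assume additional checks are performed here. A comment such as `// No allowed_commonNames / allowed_wildcard_domain configured: accept any client certificate that passes the chain validation implied by VerificationType (presumably CertVerification), no further identity check.` would make the intent explicit, and since the argument is unused the signature reads more honestly as `func(_ *advancedtls.HandshakeVerificationInfo) (*advancedtls.PostHandshakeVerificationResults, error)`. The same undocumented no-op closure appears in the LoadClientTLS hunk below. LoadServerTLS starts before this hunk and continues after it.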
@@ -118,17 +118,17 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
glog.Warningf("pemfile.NewProvider(%v) failed: %v", clientRootOptions, err)
return grpc.WithTransportCredentials(insecure.NewCredentials())
}
- options := &advancedtls.ClientOptions{
+ options := &advancedtls.Options{
IdentityOptions: advancedtls.IdentityCertificateOptions{
IdentityProvider: clientProvider,
},
- VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
- return &advancedtls.VerificationResults{}, nil
- },
+ AdditionalPeerVerification: func(params *advancedtls.HandshakeVerificationInfo) (*advancedtls.PostHandshakeVerificationResults, error) {
+ return &advancedtls.PostHandshakeVerificationResults{}, nil
+ },
RootOptions: advancedtls.RootCertificateOptions{
RootProvider: clientRootProvider,
},
- VType: advancedtls.CertVerification,
+ VerificationType: advancedtls.CertVerification,
}
ta, err := advancedtls.NewClientCreds(options)
if err != nil {
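Review bot: On the client side `VerificationType: advancedtls.CertVerification` (renamed from `VType`) combined with the no-op `AdditionalPeerVerification` means the server is authenticated only by its chain to `clientRootProvider`; if I recall the advancedtls enum correctly, `CertVerification` omits the hostname check that `CertAndHostVerification` would perform. That may be intentional for cluster-internal traffic under a shared CA, but the choice is not recorded anywhere in this block, so the rename is a good moment to add a comment on the `VerificationType:` line stating why hostname verification is not used and what the no-op callback is expected to accept. LoadClientTLS starts before this hunk and continues after it.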
@@ -155,12 +155,12 @@ func LoadClientTLSHTTP(clientCertFile string) *tls.Config {
}
}
-func (a Authenticator) Authenticate(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
+func (a Authenticator) Authenticate(params *advancedtls.HandshakeVerificationInfo) (*advancedtls.PostHandshakeVerificationResults, error) {
if a.AllowedWildcardDomain != "" && strings.HasSuffix(params.Leaf.Subject.CommonName, a.AllowedWildcardDomain) {
- return &advancedtls.VerificationResults{}, nil
+ return &advancedtls.PostHandshakeVerificationResults{}, nil
}
if _, ok := a.AllowedCommonNames[params.Leaf.Subject.CommonName]; ok {
- return &advancedtls.VerificationResults{}, nil
+ return &advancedtls.PostHandshakeVerificationResults{}, nil
}
err := fmt.Errorf("Authenticate: invalid subject client common name: %s", params.Leaf.Subject.CommonName)
glog.Error(err)