aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--weed/security/tls.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/weed/security/tls.go b/weed/security/tls.go
index 99df9b9c3..a26f64b42 100644
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
RootOptions: advancedtls.RootCertificateOptions{
RootProvider: serverRootProvider,
},
- RequireClientCert: false,
+ RequireClientCert: true,
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
return &advancedtls.VerificationResults{}, nil
},
- VType: advancedtls.SkipVerification,
+ VType: advancedtls.CertVerification,
}
ta, err := advancedtls.NewServerCreds(options)
if err != nil {
@@ -134,7 +134,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
RootOptions: advancedtls.RootCertificateOptions{
RootProvider: clientRootProvider,
},
- VType: advancedtls.SkipVerification,
+ VType: advancedtls.CertVerification,
}
ta, err := advancedtls.NewClientCreds(options)
if err != nil {
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 21:18:27 +0000