Diffstat (limited to 'weed/security/tls.go')
-rw-r--r--weed/security/tls.go18
1 files changed, 18 insertions, 0 deletions
diff --git a/weed/security/tls.go b/weed/security/tls.go
index 2f01af1e7..79552c026 100644
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -4,6 +4,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
+ "io/ioutil"
"os"
"strings"
@@ -98,6 +99,23 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
return grpc.WithTransportCredentials(ta)
}
+func LoadClientTLSHTTP(clientCertFile string) *tls.Config {
+ clientCerts, err := ioutil.ReadFile(clientCertFile)
+ if err != nil {
+ glog.Fatal(err)
+ }
+ certPool := x509.NewCertPool()
+ ok := certPool.AppendCertsFromPEM(clientCerts)
+ if !ok {
+ glog.Fatalf("Error processing client certificate in %s\n", clientCertFile)
+ }
+
+ return &tls.Config{
+ ClientCAs: certPool,
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ }
+}
+
func (a Authenticator) Authenticate(ctx context.Context) (newCtx context.Context, err error) {
p, ok := peer.FromContext(ctx)
if !ok {
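Review bot: LoadClientTLSHTTP and its clientCertFile parameter read as client-side, but the returned config sets `ClientCAs` with `tls.RequireAndVerifyClientCert`, which is what a server uses to authenticate its callers; every certificate in that PEM file becomes a trust anchor, so if it holds a CA, any certificate that CA issued will be accepted. The exported function has no doc comment, and I would add `// LoadClientTLSHTTP returns a server-side tls.Config that requires a client certificate and verifies it against the PEM certificates in clientCertFile.` so operators know the file is a trust bundle. The config also leaves the protocol floor to the Go default, which depends on the toolchain version; adding `MinVersion: tls.VersionTLS12,` pins it. Separately, `os` is already imported in the first hunk, so `os.ReadFile(clientCertFile)` would avoid pulling in the deprecated `io/ioutil` if the module targets Go 1.16 or later.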