diff options
Diffstat (limited to 'weed')
| -rw-r--r-- | weed/command/scaffold.go | 5 | ||||
| -rw-r--r-- | weed/security/tls.go | 11 |
2 files changed, 11 insertions, 5 deletions
diff --git a/weed/command/scaffold.go b/weed/command/scaffold.go index c2d53e4bd..79f827af5 100644 --- a/weed/command/scaffold.go +++ b/weed/command/scaffold.go @@ -444,18 +444,22 @@ ca = "" [grpc.volume] cert = "" key = "" +allowed_commonNames = "" [grpc.master] cert = "" key = "" +allowed_commonNames = "" [grpc.filer] cert = "" key = "" +allowed_commonNames = "" [grpc.msg_broker] cert = "" key = "" +allowed_commonNames = "" # use this for any place needs a grpc client # i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload" @@ -463,7 +467,6 @@ key = "" cert = "" key = "" - # volume server https options # Note: work in progress! # this does not work with other clients, e.g., "weed filer|mount" etc, yet. diff --git a/weed/security/tls.go b/weed/security/tls.go index 437d658a8..b38745fbf 100644 --- a/weed/security/tls.go +++ b/weed/security/tls.go @@ -29,12 +29,15 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption // load cert/key, ca cert cert, err := tls.LoadX509KeyPair(config.GetString(component+".cert"), config.GetString(component+".key")) if err != nil { - glog.V(1).Infof("load cert/key error: %v", err) + glog.V(1).Infof("load cert: %s / key: %s error: %v", + config.GetString(component+".cert"), + config.GetString(component+".key"), + err) return nil, nil } caCert, err := ioutil.ReadFile(config.GetString("grpc.ca")) if err != nil { - glog.V(1).Infof("read ca cert file error: %v", err) + glog.V(1).Infof("read ca cert file %s error: %v", config.GetString("grpc.ca"), err) return nil, nil } caCertPool := x509.NewCertPool() @@ -44,11 +47,11 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption ClientCAs: caCertPool, ClientAuth: tls.RequireAndVerifyClientCert, }) - permitCommonNames := config.GetStringSlice(component + "permitCommonNames") + permitCommonNames := config.GetStringSlice(component + ".allowed_commonNames") if len(permitCommonNames) > 0 { permitCommonNamesMap := make(map[string]bool) - for _, s := range util.GetViper().GetStringSlice(component + "permitCommonNames") { + for _, s := range permitCommonNames { permitCommonNamesMap[s] = true } auther := Authenticator{ |