From 6acb43bbbb9b15c938d246837a17dca66393409e Mon Sep 17 00:00:00 2001
From: James Hedley <jameskhedley@gmail.com>
Date: Fri, 13 Oct 2023 17:02:24 +0100
Subject: Add optional flags to enable mTLS with verification of client
 certificate (#4910)

---
 weed/command/server.go | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'weed/command/server.go')

diff --git a/weed/command/server.go b/weed/command/server.go
index 7fbb59676..67e37426e 100644
--- a/weed/command/server.go
+++ b/weed/command/server.go
@@ -144,6 +144,8 @@ func init() {
 	s3Options.domainName = cmdServer.Flag.String("s3.domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
 	s3Options.tlsPrivateKey = cmdServer.Flag.String("s3.key.file", "", "path to the TLS private key file")
 	s3Options.tlsCertificate = cmdServer.Flag.String("s3.cert.file", "", "path to the TLS certificate file")
+	s3Options.tlsCACertificate = cmdServer.Flag.String("s3.cacert.file", "", "path to the TLS CA certificate file")
+	s3Options.tlsVerifyClientCert = cmdServer.Flag.Bool("s3.tlsVerifyClientCert", false, "whether to verify the client's certificate")
 	s3Options.config = cmdServer.Flag.String("s3.config", "", "path to the config file")
 	s3Options.auditLogConfig = cmdServer.Flag.String("s3.auditLogConfig", "", "path to the audit log config file")
 	s3Options.allowEmptyFolder = cmdServer.Flag.Bool("s3.allowEmptyFolder", true, "allow empty folders")
-- 
cgit v1.2.3