Support for client certificate authentication
This commit is contained in:
Anders Betnér
parent
8e333d0a03
commit
959c7dc783
4 changed files with 65 additions and 3 deletions
18
server.go
18
server.go
|
|
@ -5,8 +5,10 @@ package main
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
|
|
@ -298,6 +300,22 @@ func (server *Server) createTLSConfig(entryPointName string, tlsOption *TLS, rou
|
|||
config.Certificates = append(config.Certificates, cert)
|
||||
}
|
||||
|
||||
if len(tlsOption.ClientCAFiles) > 0 {
|
||||
pool := x509.NewCertPool()
|
||||
for _, caFile := range tlsOption.ClientCAFiles {
|
||||
data, err := ioutil.ReadFile(caFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ok := pool.AppendCertsFromPEM(data)
|
||||
if !ok {
|
||||
return nil, errors.New("invalid certificate(s) in " + caFile)
|
||||
}
|
||||
}
|
||||
config.ClientCAs = pool
|
||||
config.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
}
|
||||
|
||||
if server.globalConfiguration.ACME != nil {
|
||||
if _, ok := server.serverEntryPoints[server.globalConfiguration.ACME.EntryPoint]; ok {
|
||||
if entryPointName == server.globalConfiguration.ACME.EntryPoint {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue