comma-separated SSL certificate common names

2025-12-17 09:42:29 +08:00 · 2021-03-10 12:42:44 +05:00
parent 190fada1ef
commit 0e02f7e258
2 changed files with 6 additions and 5 deletions
--- a/docker/compose/tls.env
+++ b/docker/compose/tls.env
@@ -7,7 +7,7 @@ WEED_GRPC_FILER_CERT=/etc/seaweedfs/tls/filer01.crt
 WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key
 WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt
 WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key
-WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
+WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -10,6 +10,7 @@ import (
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
 	"io/ioutil"
+	"strings"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -48,7 +49,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
 		ClientAuth:   tls.RequireAndVerifyClientCert,
 	})

-	permitCommonNames := config.GetStringSlice(component + ".allowed_commonNames")
+	permitCommonNames := strings.Split(config.GetString(component+".allowed_commonNames"), ",")
 	if len(permitCommonNames) > 0 {
 		permitCommonNamesMap := make(map[string]bool)
 		for _, s := range permitCommonNames {