lsm/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2025-08-20 07:02:09 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: s3 command ignore -tlsVerifyClientCert and -cacert.file arguments (#6547)
Some checks failed
go: build dev binaries / cleanup (push) Has been cancelled
Details
docker: build dev containers / build-dev-containers (push) Has been cancelled
Details
End to End / FUSE Mount (push) Has been cancelled
Details
go: build binary / Build (push) Has been cancelled
Details
helm: lint and test charts / lint-test (push) Has been cancelled
Details
Ceph S3 tests / Ceph S3 tests (push) Has been cancelled
Details
go: build dev binaries / build_dev_linux_windows (amd64, linux) (push) Has been cancelled
Details
go: build dev binaries / build_dev_linux_windows (amd64, windows) (push) Has been cancelled
Details
go: build dev binaries / build_dev_darwin (amd64, darwin) (push) Has been cancelled
Details
go: build dev binaries / build_dev_darwin (arm64, darwin) (push) Has been cancelled
Details

Browse Source 
s3 command ignore tlsVerifyClientCert and cacert.file arguments from
command line. On startS3Server instead of use real values (in s3opt),
default values (from s3Options, always empty) are checked.

Now on right values are checked and if user provide this arguments
RequireAndVerifyClientCert is set and/or ca certificate is loaded.
This commit is contained in:
Karol Będkowski 2025-02-13 21:27:38 +00:00 committed by GitHub
parent 903d288e08
commit 441614b386
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
weed/command/s3.go
View File

@ -312,7 +312,7 @@ func (s3opt *S3Options) startS3Server() bool {
}
caCertPool := x509.NewCertPool()
if *s3Options.tlsCACertificate != "" {
if *s3opt.tlsCACertificate != "" {
// load CA certificate file and add it to list of client CAs
caCertFile, err := ioutil.ReadFile(*s3opt.tlsCACertificate)
if err != nil {
@ -322,7 +322,7 @@ func (s3opt *S3Options) startS3Server() bool {
}
clientAuth := tls.NoClientCert
if *s3Options.tlsVerifyClientCert {
if *s3opt.tlsVerifyClientCert {
clientAuth = tls.RequireAndVerifyClientCert
}