enable require client cert

Konstantin Lebedev
2022-06-24 00:29:23 +05:00
parent ea7cdb8b0e
commit b0aa51d7ef


@@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
RootOptions: advancedtls.RootCertificateOptions{ RootOptions: advancedtls.RootCertificateOptions{
RootProvider: serverRootProvider, RootProvider: serverRootProvider,
}, },
RequireClientCert: false, RequireClientCert: true,
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) { VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName) glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
return &advancedtls.VerificationResults{}, nil return &advancedtls.VerificationResults{}, nil
}, },
VType: advancedtls.SkipVerification, VType: advancedtls.CertVerification,
} }
ta, err := advancedtls.NewServerCreds(options) ta, err := advancedtls.NewServerCreds(options)
if err != nil { if err != nil {
@@ -134,7 +134,7 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
RootOptions: advancedtls.RootCertificateOptions{ RootOptions: advancedtls.RootCertificateOptions{
RootProvider: clientRootProvider, RootProvider: clientRootProvider,
}, },
VType: advancedtls.SkipVerification, VType: advancedtls.CertVerification,
} }
ta, err := advancedtls.NewClientCreds(options) ta, err := advancedtls.NewClientCreds(options)
if err != nil { if err != nil {
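Review bot: The `VerifyPeer` callback in the `LoadServerTLS` hunk still returns `&advancedtls.VerificationResults{}, nil` for every peer, so with `RequireClientCert: true` and `CertVerification` the server verifies the chain but then authorizes any certificate issued under the roots from `serverRootProvider`. If that CA also issues certificates for other purposes (not visible from here), the callback should compare `params.Leaf.Subject.CommonName` or the SANs against a configured allow-list and return an error on mismatch, rather than only logging the name at `V(0)`. In the `LoadClientTLS` hunk, `CertVerification` validates the chain without checking the server name; `VType: advancedtls.CertAndHostVerification,` would bind the connection to the expected host, provided the server certificates carry matching SANs. Both option structs and their enclosing functions start and end outside the hunks shown.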