go-gost/x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

load default CA from ca.pem

Browse Source
This commit is contained in:
ginuerzh 2023-03-21 18:28:05 +08:00
parent a39800270b
commit 18fa84b51f
2 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/parsing/tls.go
View File

@ -34,7 +34,7 @@ func BuildDefaultTLSConfig(cfg *config.TLSConfig) {
} }
} }
tlsConfig, err := tls_util.LoadConfig(cfg.CertFile, cfg.KeyFile, cfg.CAFile) tlsConfig, err := tls_util.LoadDefaultConfig(cfg.CertFile, cfg.KeyFile, cfg.CAFile)
if err != nil { if err != nil {
// generate random self-signed certificate. // generate random self-signed certificate.
cert, err := genCertificate(cfg.Validity, cfg.Organization, cfg.CommonName) cert, err := genCertificate(cfg.Validity, cfg.Organization, cfg.CommonName)

41
internal/util/tls/tls.go
View File

@ -7,9 +7,37 @@ import (
"io/ioutil" "io/ioutil"
"net" "net"
"time" "time"
"github.com/go-gost/core/logger"
) )
func LoadConfig(certFile, keyFile, caFile string) (*tls.Config, error) { // LoadDefaultConfig loads the certificate from cert & key files and optional CA file.
func LoadDefaultConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
pool, err := loadCA(caFile)
if err != nil {
logger.Default().Debugf("load default CA(%s): %v", caFile, err)
}
if pool != nil {
cfg.ClientCAs = pool
cfg.ClientAuth = tls.RequireAndVerifyClientCert
}
return cfg, nil
}
// LoadServerConfig loads the certificate from cert & key files and client CA file.
func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
if certFile == "" && keyFile == "" {
return nil, nil
}
cert, err := tls.LoadX509KeyPair(certFile, keyFile) cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil { if err != nil {
return nil, err return nil, err
@ -29,16 +57,7 @@ func LoadConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
return cfg, nil return cfg, nil
} }
// LoadServerConfig loads the certificate from cert & key files and optional client CA file. // LoadClientConfig loads the certificate from cert & key files and CA file.
func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
if certFile == "" && keyFile == "" {
return nil, nil
}
return LoadConfig(certFile, keyFile, caFile)
}
// LoadClientConfig loads the certificate from cert & key files and optional CA file.
func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) { func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) {
var cfg *tls.Config var cfg *tls.Config