go-gost/x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

load default CA from ca.pem

Browse Source
This commit is contained in:
ginuerzh 2023-03-21 18:11:06 +08:00
parent fb7b827ea2
commit a39800270b
2 changed files with 13 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
config/parsing/tls.go
View File

@ -16,6 +16,7 @@ import (
"github.com/go-gost/core/logger" "github.com/go-gost/core/logger"
"github.com/go-gost/x/config" "github.com/go-gost/x/config"
tls_util "github.com/go-gost/x/internal/util/tls"
) )
var ( var (
@ -29,10 +30,11 @@ func BuildDefaultTLSConfig(cfg *config.TLSConfig) {
cfg = &config.TLSConfig{ cfg = &config.TLSConfig{
CertFile: "cert.pem", CertFile: "cert.pem",
KeyFile: "key.pem", KeyFile: "key.pem",
CAFile: "ca.pem",
} }
} }
tlsConfig, err := loadConfig(cfg.CertFile, cfg.KeyFile) tlsConfig, err := tls_util.LoadConfig(cfg.CertFile, cfg.KeyFile, cfg.CAFile)
if err != nil { if err != nil {
// generate random self-signed certificate. // generate random self-signed certificate.
cert, err := genCertificate(cfg.Validity, cfg.Organization, cfg.CommonName) cert, err := genCertificate(cfg.Validity, cfg.Organization, cfg.CommonName)
@ -49,19 +51,6 @@ func BuildDefaultTLSConfig(cfg *config.TLSConfig) {
defaultTLSConfig = tlsConfig defaultTLSConfig = tlsConfig
} }
func loadConfig(certFile, keyFile string) (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
cfg := &tls.Config{
Certificates: []tls.Certificate{cert},
}
return cfg, nil
}
func genCertificate(validity time.Duration, org string, cn string) (cert tls.Certificate, err error) { func genCertificate(validity time.Duration, org string, cn string) (cert tls.Certificate, err error) {
rawCert, rawKey, err := generateKeyPair(validity, org, cn) rawCert, rawKey, err := generateKeyPair(validity, org, cn)
if err != nil { if err != nil {

16
internal/util/tls/tls.go
View File

@ -9,12 +9,7 @@ import (
"time" "time"
) )
// LoadServerConfig loads the certificate from cert & key files and optional client CA file. func LoadConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
if certFile == "" && keyFile == "" {
return nil, nil
}
cert, err := tls.LoadX509KeyPair(certFile, keyFile) cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil { if err != nil {
return nil, err return nil, err
@ -34,6 +29,15 @@ func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
return cfg, nil return cfg, nil
} }
// LoadServerConfig loads the certificate from cert & key files and optional client CA file.
func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
if certFile == "" && keyFile == "" {
return nil, nil
}
return LoadConfig(certFile, keyFile, caFile)
}
// LoadClientConfig loads the certificate from cert & key files and optional CA file. // LoadClientConfig loads the certificate from cert & key files and optional CA file.
func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) { func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) {
var cfg *tls.Config var cfg *tls.Config