load default CA from ca.pem

2023-03-21 18:11:06 +08:00 · 2023-03-21 18:11:06 +08:00 · a39800270b
commit a39800270b
parent fb7b827ea2
2 changed files with 13 additions and 20 deletions
--- a/config/parsing/tls.go
+++ b/config/parsing/tls.go
@ -16,6 +16,7 @@ import (

 	"github.com/go-gost/core/logger"
 	"github.com/go-gost/x/config"
+	tls_util "github.com/go-gost/x/internal/util/tls"
 )

 var (
@ -29,10 +30,11 @@ func BuildDefaultTLSConfig(cfg *config.TLSConfig) {
 		cfg = &config.TLSConfig{
 			CertFile: "cert.pem",
 			KeyFile:  "key.pem",
+			CAFile:   "ca.pem",
 		}
 	}

-	tlsConfig, err := loadConfig(cfg.CertFile, cfg.KeyFile)
+	tlsConfig, err := tls_util.LoadConfig(cfg.CertFile, cfg.KeyFile, cfg.CAFile)
 	if err != nil {
 		// generate random self-signed certificate.
 		cert, err := genCertificate(cfg.Validity, cfg.Organization, cfg.CommonName)
@ -49,19 +51,6 @@ func BuildDefaultTLSConfig(cfg *config.TLSConfig) {
 	defaultTLSConfig = tlsConfig
 }

-func loadConfig(certFile, keyFile string) (*tls.Config, error) {
-	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-	if err != nil {
-		return nil, err
-	}
-
-	cfg := &tls.Config{
-		Certificates: []tls.Certificate{cert},
-	}
-
-	return cfg, nil
-}
-
 func genCertificate(validity time.Duration, org string, cn string) (cert tls.Certificate, err error) {
 	rawCert, rawKey, err := generateKeyPair(validity, org, cn)
 	if err != nil {
--- a/internal/util/tls/tls.go
+++ b/internal/util/tls/tls.go
@ -9,12 +9,7 @@ import (
 	"time"
 )

-// LoadServerConfig loads the certificate from cert & key files and optional client CA file.
-func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
-	if certFile == "" && keyFile == "" {
-		return nil, nil
-	}
-
+func LoadConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
 	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
 		return nil, err
@ -34,6 +29,15 @@ func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
 	return cfg, nil
 }

+// LoadServerConfig loads the certificate from cert & key files and optional client CA file.
+func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
+	if certFile == "" && keyFile == "" {
+		return nil, nil
+	}
+
+	return LoadConfig(certFile, keyFile, caFile)
+}
+
 // LoadClientConfig loads the certificate from cert & key files and optional CA file.
 func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) {
 	var cfg *tls.Config