fix(server): fix client certificate verification
In d0c4916fe9 the TLS CA certificate verification broke.
This was bisected using the following basic test:
```
./bin/etcd -f -name machine0 -data-dir machine0 -ca-file=/tmp/ca/ca.crt -cert-file=/tmp/ca/server.crt -key-file=/tmp/ca/server.key.insecure
```
And in another window doing
```
curl --key /tmp/ca/server2.key.insecure --cert /tmp/ca/server2.crt -k -L https://127.0.0.1:4001/v2/keys/foo -XPUT -d value=bar -v
```
Before merging this PR there are a few things that need to be fixed up:
1) Tests for client certs both positive and negative
2) Refactor (or at least documentation of) the TLSConfig types
release-0.4
parent
a542a7804b
commit
0fa6d38574
4
etcd.go
4
etcd.go
|
@ -135,7 +135,7 @@ func main() {
|
|||
|
||||
var psListener net.Listener
|
||||
if psConfig.Scheme == "https" {
|
||||
psListener, err = server.NewTLSListener(info.RaftListenHost, info.RaftTLS.CertFile, info.RaftTLS.KeyFile)
|
||||
psListener, err = server.NewTLSListener(&tlsConfig.Server, info.RaftListenHost, info.RaftTLS.CertFile, info.RaftTLS.KeyFile)
|
||||
} else {
|
||||
psListener, err = server.NewListener(info.RaftListenHost)
|
||||
}
|
||||
|
@ -165,7 +165,7 @@ func main() {
|
|||
|
||||
var sListener net.Listener
|
||||
if tlsConfig.Scheme == "https" {
|
||||
sListener, err = server.NewTLSListener(info.EtcdListenHost, info.EtcdTLS.CertFile, info.EtcdTLS.KeyFile)
|
||||
sListener, err = server.NewTLSListener(&tlsConfig.Server, info.EtcdListenHost, info.EtcdTLS.CertFile, info.EtcdTLS.KeyFile)
|
||||
} else {
|
||||
sListener, err = server.NewListener(info.EtcdListenHost)
|
||||
}
|
||||
|
|
|
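Review bot: Both call sites now hand the same pointer, `&tlsConfig.Server`, to server.NewTLSListener — the raft listener at the first hunk and the client listener at the second — while NewTLSListener writes into the config it receives (`config.NextProtos = ...` in the listener hunk). If the function also stores the per-listener key pair into that config below its hunk, as the certFile/keyFile parameters suggest, the second call overwrites what the first set and both listeners end up serving the last-loaded certificate, because crypto/tls keeps the *tls.Config pointer rather than a copy. Giving each listener its own copy avoids that, e.g. `raftTLS := tlsConfig.Server` followed by `psListener, err = server.NewTLSListener(&raftTLS, info.RaftListenHost, info.RaftTLS.CertFile, info.RaftTLS.KeyFile)` (and likewise for sListener), or have NewTLSListener copy its argument before mutating it. main's body continues outside both hunks.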
@ -16,11 +16,15 @@ func NewListener(addr string) (net.Listener, error) {
|
|||
return l, nil
|
||||
}
|
||||
|
||||
func NewTLSListener(addr, certFile, keyFile string) (net.Listener, error) {
|
||||
func NewTLSListener(config *tls.Config, addr, certFile, keyFile string) (net.Listener, error) {
|
||||
if addr == "" {
|
||||
addr = ":https"
|
||||
}
|
||||
config := &tls.Config{}
|
||||
|
||||
if config == nil {
|
||||
config = &tls.Config{}
|
||||
}
|
||||
|
||||
config.NextProtos = []string{"http/1.1"}
|
||||
|
||||
var err error
|
||||
|
|
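Review bot: NewTLSListener is exported and now takes a caller-supplied *tls.Config, but nothing documents what it does with it: as written it mutates the argument (`config.NextProtos = []string{"http/1.1"}`) and treats nil as an empty config. A nil or zero config carries no ClientCAs/ClientAuth, so the client-certificate verification this commit restores is silently off for any caller that passes nil; callers need to know that this parameter is the only place that setting comes from. Suggest a doc comment along the lines of `// NewTLSListener listens on addr with TLS. config, which may be nil, supplies the` / `// client-auth settings (ClientCAs, ClientAuth) and is modified in place.` The remainder of the function, including where certFile/keyFile are loaded, lies outside the hunk.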