Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): fix client certificate verification

Browse Source 
In d0c4916fe9 the TLS CA Certificate
verification broke.

This was bisected using the following basic test:

```
./bin/etcd -f -name machine0 -data-dir machine0 -ca-file=/tmp/ca/ca.crt -cert-file=/tmp/ca/server.crt -key-file=/tmp/ca/server.key.insecure
```

And in another window doing

```
curl --key /tmp/ca/server2.key.insecure  --cert /tmp/ca/server2.crt -k -L https://127.0.0.1:4001/v2/keys/foo -XPUT -d value=bar -v
```

Before merging this PR there are a few things that need to be fixed up:

1) Tests for client certs both positive and negative
2) Refactor (or at least documentation of) the TLSConfig types
This commit is contained in:
Brandon Philips
2014-01-31 16:56:15 -08:00
parent a542a7804b
commit 0fa6d38574
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/listener.go
View File

@@ -16,11 +16,15 @@ func NewListener(addr string) (net.Listener, error) {
return l, nil
}
func NewTLSListener(addr, certFile, keyFile string) (net.Listener, error) {
func NewTLSListener(config *tls.Config, addr, certFile, keyFile string) (net.Listener, error) {
if addr == "" {
addr = ":https"
}
config := &tls.Config{}
if config == nil {
config = &tls.Config{}
}
config.NextProtos = []string{"http/1.1"}
var err error