Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

etcdmain: support crl in grpcproxy

Browse Source
This commit is contained in:
Anthony Romano 2017-07-18 14:59:35 -07:00
parent efbee9d8c7
commit c5447c2ec9
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
etcdmain/grpc_proxy.go
View File

@ -15,7 +15,6 @@
package etcdmain package etcdmain
import ( import (
"crypto/tls"
"fmt" "fmt"
"math" "math"
"net" "net"
@ -62,6 +61,7 @@ var (
grpcProxyListenCert string grpcProxyListenCert string
grpcProxyListenKey string grpcProxyListenKey string
grpcProxyListenAutoTLS bool grpcProxyListenAutoTLS bool
grpcProxyListenCRL string
grpcProxyAdvertiseClientURL string grpcProxyAdvertiseClientURL string
grpcProxyResolverPrefix string grpcProxyResolverPrefix string
@ -117,6 +117,7 @@ func newGRPCProxyStartCommand() *cobra.Command {
cmd.Flags().StringVar(&grpcProxyListenKey, "key-file", "", "identify secure connections to the proxy using this TLS key file") cmd.Flags().StringVar(&grpcProxyListenKey, "key-file", "", "identify secure connections to the proxy using this TLS key file")
cmd.Flags().StringVar(&grpcProxyListenCA, "trusted-ca-file", "", "verify certificates of TLS-enabled secure proxy using this CA bundle") cmd.Flags().StringVar(&grpcProxyListenCA, "trusted-ca-file", "", "verify certificates of TLS-enabled secure proxy using this CA bundle")
cmd.Flags().BoolVar(&grpcProxyListenAutoTLS, "auto-tls", false, "proxy TLS using generated certificates") cmd.Flags().BoolVar(&grpcProxyListenAutoTLS, "auto-tls", false, "proxy TLS using generated certificates")
cmd.Flags().StringVar(&grpcProxyListenCRL, "client-crl-file", "", "proxy client certificate revocation list file.")
return &cmd return &cmd
} }
@ -238,18 +239,17 @@ func mustListenCMux(tlsinfo *transport.TLSInfo) cmux.CMux {
os.Exit(1) os.Exit(1)
} }
var tlscfg *tls.Config if l, err = transport.NewKeepAliveListener(l, "tcp", nil); err != nil {
scheme := "http"
if tlsinfo != nil {
if tlscfg, err = tlsinfo.ServerConfig(); err != nil {
plog.Fatal(err)
}
scheme = "https"
}
if l, err = transport.NewKeepAliveListener(l, scheme, tlscfg); err != nil {
fmt.Fprintln(os.Stderr, err) fmt.Fprintln(os.Stderr, err)
os.Exit(1) os.Exit(1)
} }
if tlsinfo != nil {
tlsinfo.CRLFile = grpcProxyListenCRL
if l, err = transport.NewTLSListener(l, tlsinfo); err != nil {
plog.Fatal(err)
}
}
plog.Infof("listening for grpc-proxy client requests on %s", grpcProxyListenAddr) plog.Infof("listening for grpc-proxy client requests on %s", grpcProxyListenAddr)
return cmux.New(l) return cmux.New(l)
} }