comma-separated SSL certificate common names

Konstantin Lebedev 2021-03-10 12:42:44 +05:00
parent 190fada1ef
commit 0e02f7e258
2 changed files with 6 additions and 5 deletions


@ -7,7 +7,7 @@ WEED_GRPC_FILER_CERT=/etc/seaweedfs/tls/filer01.crt
WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key
WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt
WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key
WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01" WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01" WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01" WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01" WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"


@ -10,6 +10,7 @@ import (
"google.golang.org/grpc/peer" "google.golang.org/grpc/peer"
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"io/ioutil" "io/ioutil"
"strings"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
@ -48,7 +49,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
}) })
permitCommonNames := config.GetStringSlice(component + ".allowed_commonNames") permitCommonNames := strings.Split(config.GetString(component+".allowed_commonNames"), ",")
if len(permitCommonNames) > 0 { if len(permitCommonNames) > 0 {
permitCommonNamesMap := make(map[string]bool) permitCommonNamesMap := make(map[string]bool)
for _, s := range permitCommonNames { for _, s := range permitCommonNames {
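Review bot: In LoadServerTLS, `strings.Split` on an unset or empty `allowed_commonNames` returns a one-element slice holding `""`, so the `len(permitCommonNames) > 0` guard right after the changed line is now always true. With the key absent, the map would hold only the empty name, so the common-name allow-list is presumably enforced for components that never configured it, and a certificate with an empty CN is the only one that matches; the previous `GetStringSlice` call returned an empty slice in that case. Keep the raw value and test it instead: `allowed := config.GetString(component + ".allowed_commonNames")`, `permitCommonNames := strings.Split(allowed, ",")`, `if allowed != "" {`. The loop body is outside the hunk, but entries should also go through `strings.TrimSpace` and empty ones be skipped before insertion, since `"a, b"` or a trailing comma would otherwise register `" b"` or `""` as permitted names.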