mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
seperate option
This commit is contained in:
parent
5b388ed6c1
commit
ea7cdb8b0e
|
@ -21,7 +21,7 @@ import (
|
||||||
"github.com/chrislusf/seaweedfs/weed/util"
|
"github.com/chrislusf/seaweedfs/weed/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
const credRefreshingInterval = 5 * time.Minute
|
const credRefreshingInterval = time.Duration(5) * time.Hour
|
||||||
|
|
||||||
type Authenticator struct {
|
type Authenticator struct {
|
||||||
AllowedWildcardDomain string
|
AllowedWildcardDomain string
|
||||||
|
@ -64,12 +64,12 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
|
||||||
RootOptions: advancedtls.RootCertificateOptions{
|
RootOptions: advancedtls.RootCertificateOptions{
|
||||||
RootProvider: serverRootProvider,
|
RootProvider: serverRootProvider,
|
||||||
},
|
},
|
||||||
RequireClientCert: true,
|
RequireClientCert: false,
|
||||||
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
|
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
|
||||||
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
|
glog.V(0).Infof("Client common name: %s.\n", params.Leaf.Subject.CommonName)
|
||||||
return &advancedtls.VerificationResults{}, nil
|
return &advancedtls.VerificationResults{}, nil
|
||||||
},
|
},
|
||||||
VType: advancedtls.CertVerification,
|
VType: advancedtls.SkipVerification,
|
||||||
}
|
}
|
||||||
ta, err := advancedtls.NewServerCreds(options)
|
ta, err := advancedtls.NewServerCreds(options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -106,7 +106,6 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
|
||||||
clientOptions := pemfile.Options{
|
clientOptions := pemfile.Options{
|
||||||
CertFile: certFileName,
|
CertFile: certFileName,
|
||||||
KeyFile: keyFileName,
|
KeyFile: keyFileName,
|
||||||
RootFile: caFileName,
|
|
||||||
RefreshDuration: credRefreshingInterval,
|
RefreshDuration: credRefreshingInterval,
|
||||||
}
|
}
|
||||||
clientProvider, err := pemfile.NewProvider(clientOptions)
|
clientProvider, err := pemfile.NewProvider(clientOptions)
|
||||||
|
@ -115,14 +114,27 @@ func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
|
||||||
return grpc.WithInsecure()
|
return grpc.WithInsecure()
|
||||||
}
|
}
|
||||||
defer clientProvider.Close()
|
defer clientProvider.Close()
|
||||||
|
clientRootOptions := pemfile.Options{
|
||||||
|
RootFile: config.GetString("grpc.ca"),
|
||||||
|
RefreshDuration: credRefreshingInterval,
|
||||||
|
}
|
||||||
|
clientRootProvider, err := pemfile.NewProvider(clientRootOptions)
|
||||||
|
if err != nil {
|
||||||
|
glog.Warningf("pemfile.NewProvider(%v) failed: %v", clientRootOptions, err)
|
||||||
|
return grpc.WithInsecure()
|
||||||
|
}
|
||||||
|
defer clientRootProvider.Close()
|
||||||
options := &advancedtls.ClientOptions{
|
options := &advancedtls.ClientOptions{
|
||||||
|
IdentityOptions: advancedtls.IdentityCertificateOptions{
|
||||||
|
IdentityProvider: clientProvider,
|
||||||
|
},
|
||||||
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
|
VerifyPeer: func(params *advancedtls.VerificationFuncParams) (*advancedtls.VerificationResults, error) {
|
||||||
return &advancedtls.VerificationResults{}, nil
|
return &advancedtls.VerificationResults{}, nil
|
||||||
},
|
},
|
||||||
RootOptions: advancedtls.RootCertificateOptions{
|
RootOptions: advancedtls.RootCertificateOptions{
|
||||||
RootProvider: clientProvider,
|
RootProvider: clientRootProvider,
|
||||||
},
|
},
|
||||||
VType: advancedtls.CertVerification,
|
VType: advancedtls.SkipVerification,
|
||||||
}
|
}
|
||||||
ta, err := advancedtls.NewClientCreds(options)
|
ta, err := advancedtls.NewClientCreds(options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue