cmd/stealchain-server: Present server cert, request client cert

This commit is contained in:
Joshua Liebow-Feeser 2017-08-29 12:41:33 -07:00
parent 48b03c908d
commit 0e6b60a2c4
1 changed files with 19 additions and 1 deletions

View File

@ -18,16 +18,34 @@ import (
func main() { func main() {
cfg := &tls.Config{} cfg := &tls.Config{}
var sysRoot, listenAddr string var sysRoot, listenAddr, certFile, keyFile string
var verify bool var verify bool
flag.StringVar(&sysRoot, "ca", "", "provide an alternate CA bundle") flag.StringVar(&sysRoot, "ca", "", "provide an alternate CA bundle")
flag.StringVar(&listenAddr, "listen", ":443", "address to listen on") flag.StringVar(&listenAddr, "listen", ":443", "address to listen on")
flag.StringVar(&certFile, "cert", "", "server certificate to present to clients")
flag.StringVar(&keyFile, "key", "", "key for server certificate")
flag.BoolVar(&verify, "verify", false, "verify client certificates") flag.BoolVar(&verify, "verify", false, "verify client certificates")
flag.Parse() flag.Parse()
if verify { if verify {
cfg.ClientAuth = tls.RequireAndVerifyClientCert cfg.ClientAuth = tls.RequireAndVerifyClientCert
} else {
cfg.ClientAuth = tls.RequestClientCert
} }
if certFile == "" {
fmt.Println("[!] missing required flag -cert")
os.Exit(1)
}
if keyFile == "" {
fmt.Println("[!] missing required flag -key")
os.Exit(1)
}
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
fmt.Printf("[!] could not load server key pair: %v", err)
os.Exit(1)
}
cfg.Certificates = append(cfg.Certificates, cert)
if sysRoot != "" { if sysRoot != "" {
pemList, err := ioutil.ReadFile(sysRoot) pemList, err := ioutil.ReadFile(sysRoot)
die.If(err) die.If(err)