Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 06:40:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

allow different TLS certificates for each binding

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2022-05-21 16:34:47 +02:00
parent 0ecaa862bd
commit 1a33b5bb53
22 changed files with 391 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
webdavd/server.go
View File

@@ -56,15 +56,19 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
httpServer.Handler = handler
if certMgr != nil && s.binding.EnableHTTPS {
serviceStatus.Bindings = append(serviceStatus.Bindings, s.binding)
certID := common.DefaultTLSKeyPaidID
if getConfigPath(s.binding.CertificateFile, "") != "" && getConfigPath(s.binding.CertificateKeyFile, "") != "" {
certID = s.binding.GetAddress()
}
httpServer.TLSConfig = &tls.Config{
GetCertificate: certMgr.GetCertificateFunc(),
GetCertificate: certMgr.GetCertificateFunc(certID),
MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion),
NextProtos: []string{"http/1.1", "h2"},
CipherSuites: util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
PreferServerCipherSuites: true,
}
logger.Debug(logSender, "", "configured TLS cipher suites for binding %#v: %v", s.binding.GetAddress(),
httpServer.TLSConfig.CipherSuites)
logger.Debug(logSender, "", "configured TLS cipher suites for binding %#v: %v, certID: %v",
s.binding.GetAddress(), httpServer.TLSConfig.CipherSuites, certID)
if s.binding.isMutualTLSEnabled() {
httpServer.TLSConfig.ClientCAs = certMgr.GetRootCAs()
httpServer.TLSConfig.VerifyConnection = s.verifyTLSConnection