Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 07:10:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

mutal TLS: add support for revocation lists

Browse Source
This commit is contained in:
Nicola Murino
2021-01-03 17:03:04 +01:00
parent 6d84c5b9e3
commit 684f4ba1a6
21 changed files with 1178 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
webdavd/webdavd.go
View File

@@ -99,8 +99,11 @@ type Configuration struct {
// "paramchange" request to the running service on Windows.
CertificateFile string `json:"certificate_file" mapstructure:"certificate_file"`
CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
// CACertificates defines the set of root certificate authorities to use to verify client certificates.
// CACertificates defines the set of root certificate authorities to be used to verify client certificates.
CACertificates []string `json:"ca_certificates" mapstructure:"ca_certificates"`
// CARevocationLists defines a set a revocation lists, one for each root CA, to be used to check
// if a client certificate has been revoked
CARevocationLists []string `json:"ca_revocation_lists" mapstructure:"ca_revocation_lists"`
// CORS configuration
Cors Cors `json:"cors" mapstructure:"cors"`
// Cache configuration
@@ -140,11 +143,16 @@ func (c *Configuration) Initialize(configDir string) error {
certificateFile := getConfigPath(c.CertificateFile, configDir)
certificateKeyFile := getConfigPath(c.CertificateKeyFile, configDir)
if certificateFile != "" && certificateKeyFile != "" {
mgr, err := common.NewCertManager(certificateFile, certificateKeyFile, logSender)
mgr, err := common.NewCertManager(certificateFile, certificateKeyFile, configDir, logSender)
if err != nil {
return err
}
if err := mgr.LoadRootCAs(c.CACertificates, configDir); err != nil {
mgr.SetCACertificates(c.CACertificates)
if err := mgr.LoadRootCAs(); err != nil {
return err
}
mgr.SetCARevocationLists(c.CARevocationLists)
if err := mgr.LoadCRLs(); err != nil {
return err
}
certMgr = mgr
@@ -175,10 +183,10 @@ func (c *Configuration) Initialize(configDir string) error {
return <-exitChannel
}
// ReloadTLSCertificate reloads the TLS certificate and key from the configured paths
func ReloadTLSCertificate() error {
// ReloadCertificateMgr reloads the certificate manager
func ReloadCertificateMgr() error {
if certMgr != nil {
return certMgr.LoadCertificate(logSender)
return certMgr.Reload()
}
return nil
}