oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Root CAs can be used for backend without TLS (#6711)

Browse Source
master
Pontus Leitzler 6 years ago committed by Nitish Tiwari
parent c6ec3fdfba
commit 81d21850ec
3 changed files with 18 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      cmd/certs.go
  2. 10
      cmd/gateway-main.go
  3. 8
      cmd/server-main.go

14
cmd/certs.go
Unescape View File

@ -150,24 +150,20 @@ func loadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
return cert, nil return cert, nil
} }
func getSSLConfig() (x509Certs []*x509.Certificate, rootCAs *x509.CertPool, c *certs.Certs, secureConn bool, err error) { func getTLSConfig() (x509Certs []*x509.Certificate, c *certs.Certs, secureConn bool, err error) {
if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) { if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) {
return nil, nil, nil, false, nil return nil, nil, false, nil
} }
if x509Certs, err = parsePublicCertFile(getPublicCertFile()); err != nil { if x509Certs, err = parsePublicCertFile(getPublicCertFile()); err != nil {
return nil, nil, nil, false, err return nil, nil, false, err
} }
c, err = certs.New(getPublicCertFile(), getPrivateKeyFile(), loadX509KeyPair) c, err = certs.New(getPublicCertFile(), getPrivateKeyFile(), loadX509KeyPair)
if err != nil { if err != nil {
return nil, nil, nil, false, err return nil, nil, false, err
}
if rootCAs, err = getRootCAs(getCADir()); err != nil {
return nil, nil, nil, false, err
} }
secureConn = true secureConn = true
return x509Certs, rootCAs, c, secureConn, nil return x509Certs, c, secureConn, nil
} }

10
cmd/gateway-main.go
Unescape View File

@ -157,10 +157,14 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
// Create certs path. // Create certs path.
logger.FatalIf(createConfigDir(), "Unable to create configuration directories") logger.FatalIf(createConfigDir(), "Unable to create configuration directories")
// Check and load SSL certificates. // Check and load TLS certificates.
var err error var err error
globalPublicCerts, globalRootCAs, globalTLSCerts, globalIsSSL, err = getSSLConfig() globalPublicCerts, globalTLSCerts, globalIsSSL, err = getTLSConfig()
logger.FatalIf(err, "Invalid SSL certificate file") logger.FatalIf(err, "Invalid TLS certificate file")
// Check and load Root CAs.
globalRootCAs, err = getRootCAs(getCADir())
logger.FatalIf(err, "Failed to read root CAs (%v)", err)
// Set system resources to maximum. // Set system resources to maximum.
logger.LogIf(context.Background(), setMaxResources()) logger.LogIf(context.Background(), setMaxResources())

8
cmd/server-main.go
Unescape View File

@ -227,11 +227,15 @@ func serverMain(ctx *cli.Context) {
// Create certs path. // Create certs path.
logger.FatalIf(createConfigDir(), "Unable to initialize configuration files") logger.FatalIf(createConfigDir(), "Unable to initialize configuration files")
// Check and load SSL certificates. // Check and load TLS certificates.
var err error var err error
globalPublicCerts, globalRootCAs, globalTLSCerts, globalIsSSL, err = getSSLConfig() globalPublicCerts, globalTLSCerts, globalIsSSL, err = getTLSConfig()
logger.FatalIf(err, "Unable to load the TLS configuration") logger.FatalIf(err, "Unable to load the TLS configuration")
// Check and load Root CAs.
globalRootCAs, err = getRootCAs(getCADir())
logger.FatalIf(err, "Failed to read root CAs (%v)", err)
// Is distributed setup, error out if no certificates are found for HTTPS endpoints. // Is distributed setup, error out if no certificates are found for HTTPS endpoints.
if globalIsDistXL { if globalIsDistXL {
if globalEndpoints.IsHTTPS() && !globalIsSSL { if globalEndpoints.IsHTTPS() && !globalIsSSL {

Write Preview
Loading…
Cancel
Save