diff --git a/config/config.go b/config/config.go index c3210797d..294c648e4 100755 --- a/config/config.go +++ b/config/config.go @@ -142,7 +142,7 @@ func NewDefaultCGRConfig() (*CGRConfig, error) { cfg.generalCfg = new(GeneralCfg) cfg.dataDbCfg = new(DataDbCfg) cfg.storDbCfg = new(StorDbCfg) - + cfg.tlsCfg = new(TlsCfg) cfg.generalCfg.NodeID = utils.UUIDSha1Prefix() cfg.sessionSCfg = new(SessionSCfg) @@ -261,10 +261,6 @@ type CGRConfig struct { RPCJSONTLSListen string // RPC JSON TLS listening address RPCGOBTLSListen string // RPC GOB TLS listening address HTTPTLSListen string // HTTP TLS listening address - TLSServerCerificate string // path to server certificate - TLSServerKey string // path to server key - TLSClientCerificate string // path to client certificate - TLSClientKey string // path to client key HTTPJsonRPCURL string // JSON RPC relative URL ("" to disable) HTTPFreeswitchCDRsURL string // Freeswitch CDRS relative URL ("" to disable) HTTPCDRsURL string // CDRS relative URL ("" to disable) @@ -339,6 +335,7 @@ type CGRConfig struct { generalCfg *GeneralCfg // General config dataDbCfg *DataDbCfg // Database config storDbCfg *StorDbCfg //StroreDb config + tlsCfg *TlsCfg } func (self *CGRConfig) checkConfigSanity() error { diff --git a/config/config_defaults.go b/config/config_defaults.go index 1f687d59a..a6704de8b 100755 --- a/config/config_defaults.go +++ b/config/config_defaults.go 
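Review bot: `cfg.tlsCfg = new(TlsCfg)` in the first hunk leaves `ServerPolicy` at Go's zero value, which the defaults comment in this same commit maps to 0-NoClientCert, so any path that skips or fails to load the `"tls"` JSON section would leave the policy at the value that asks for no client certificate. The code that copies the JSON section into `tlsCfg` is not among the visible hunks, so this is something to confirm rather than an established defect. Starting from the strict value, e.g. `cfg.tlsCfg = &TlsCfg{ServerPolicy: 4}`, and having `checkConfigSanity` (whose signature closes the third hunk) reject a policy outside 0–4 would make the default fail closed. The body of NewDefaultCGRConfig continues outside the hunk.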
@@ -85,10 +85,17 @@ const CGRATES_CFG_JSON = ` "rpc_json_tls" : "127.0.0.1:2022", // RPC JSON TLS listening address "rpc_gob_tls": "127.0.0.1:2023", // RPC GOB TLS listening address "http_tls": "127.0.0.1:2280", // HTTP TLS listening address - "tls_server_certificate" : "", // path to server certificate(must conatin server.crt + ca.crt) - "tls_server_key":"", // path to server key - "tls_client_certificate" : "", // path to client certificate(must conatin client.crt + ca.crt) - "tls_client_key":"", // path to client key +}, + + +"tls":{ + "server_certificate" : "", // path to server certificate + "server_key":"", // path to server key + "client_certificate" : "", // path to client certificate + "client_key":"", // path to client key + "ca_certificate":"", // path to CA certificate (populate if used self-sign certificate) + "server_policy":4 // server_policy determine the TLS Client Authentication (0-NoClientCert, 1-RequestClientCert, 2-RequireAnyClientCert, 3-VerifyClientCertIfGiven, 4-RequireAndVerifyClientCert) + "server_name":"", }, diff --git a/config/tlscfg.go b/config/tlscfg.go new file mode 100755 index 000000000..fb54c4c68 --- /dev/null +++ b/config/tlscfg.go 
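Review bot: The added `"server_policy":4` line has no comma before the `"server_name":"",` line that follows, so the default `tls` object is invalid JSON unless the project's comment-stripping reader happens to tolerate it; the line should begin `"server_policy":4, // server_policy determine ...`. If the defaults fail to parse or the section is dropped, the documented 4-RequireAndVerifyClientCert policy would presumably not be applied, so a test that loads the defaults and asserts the resulting policy would be worth adding. `"server_name"` is also the only new key without a trailing comment; a short one saying which side of the connection uses it would match the neighbouring lines. The CGRATES_CFG_JSON constant starts and ends outside the hunk.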
@@ -0,0 +1,30 @@
+/*
+Real-time Online/Offline Charging System (OCS) for Telecom & ISP environments
+Copyright (C) ITsysCOM GmbH
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see
+*/
+
+package config
+
+// AttributeSCfg is the configuration of attribute service
+type TlsCfg struct {
+ ServerCerificate string
+ ServerKey string
+ ServerPolicy int
+ ServerName string
+ ClientCerificate string
+ ClientKey string
+ CaCertificate string
+}
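Review bot: The doc comment on `TlsCfg` was copied from another type and still reads `// AttributeSCfg is the configuration of attribute service`; it should describe this struct, e.g. `// TlsCfg holds the TLS certificate/key paths and the server's client-authentication policy`. `ServerPolicy` is a bare `int` with no documented range, so a field comment listing the accepted values 0–4 (as config_defaults.go does) plus a range check where the value is consumed would keep an out-of-range setting from reaching the TLS setup unnoticed. The new exported fields also carry over the `Cerificate` misspelling from the removed `TLSServerCerificate`/`TLSClientCerificate` fields; introducing the type is the cheap moment to name them `ServerCertificate` and `ClientCertificate`.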