uppal/cgrates
1
0
Fork 1
mirror of https://github.com/cgrates/cgrates.git synced 2026-02-24 08:38:45 +05:00
Code Issues Packages Projects Releases Wiki Activity

Add Skip Verify for tls

Browse Source
This commit is contained in:
TeoV
2018-10-09 03:06:52 -04:00
committed by Dan Christian Bogos
parent b266ffd611
commit a03fe68839
11 changed files with 146 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
utils/server.go
View File

@@ -291,7 +291,7 @@ func (r *rpcRequest) Call() io.Reader {
return r.rw
}
func loadTLSConfig(serverCrt, serverKey string) (config tls.Config, err error) {
func loadTLSConfig(serverCrt, serverKey string, skipVerify bool) (config tls.Config, err error) {
cert, err := tls.LoadX509KeyPair(serverCrt, serverKey)
if err != nil {
log.Fatalf("Error: %s when load server keys", err)
@@ -306,22 +306,23 @@ func loadTLSConfig(serverCrt, serverKey string) (config tls.Config, err error) {
certPool := x509.NewCertPool()
certPool.AddCert(ca)
config = tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: certPool,
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: certPool,
InsecureSkipVerify: skipVerify,
}
config.Rand = rand.Reader
return
}
func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string) {
func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string, skipVerify bool) {
s.RLock()
enabled := s.rpcEnabled
s.RUnlock()
if !enabled {
return
}
config, err := loadTLSConfig(serverCrt, serverKey)
config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
if err != nil {
return
}
@@ -354,14 +355,14 @@ func (s *Server) ServeGOBTLS(addr, serverCrt, serverKey string) {
}
}
func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string) {
func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string, skipVerify bool) {
s.RLock()
enabled := s.rpcEnabled
s.RUnlock()
if !enabled {
return
}
config, err := loadTLSConfig(serverCrt, serverKey)
config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
if err != nil {
return
}
@@ -392,7 +393,7 @@ func (s *Server) ServeJSONTLS(addr, serverCrt, serverKey string) {
}
}
func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, jsonRPCURL string, wsRPCURL string,
func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, skipVerify bool, jsonRPCURL string, wsRPCURL string,
useBasicAuth bool, userList map[string]string) {
s.RLock()
enabled := s.rpcEnabled
@@ -434,6 +435,15 @@ func (s *Server) ServeHTTPTLS(addr, serverCrt, serverKey string, jsonRPCURL stri
if useBasicAuth {
Logger.Info("<HTTPTLS> enabling basic auth")
}
config, err := loadTLSConfig(serverCrt, serverKey, skipVerify)
if err != nil {
return
}
httpSrv := http.Server{
Addr: addr,
Handler: mux,
TLSConfig: &config,
}
Logger.Info(fmt.Sprintf("<HTTPTLS> start listening at <%s>", addr))
http.ListenAndServeTLS(addr, serverCrt, serverKey, mux)
httpSrv.ListenAndServeTLS(serverCrt, serverKey)
}