зеркало из https://github.com/microsoft/docker.git
Коммит
c73fae2352
|
@ -132,7 +132,7 @@ func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, aut
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var cfg = tlsconfig.ClientDefault
|
var cfg = tlsconfig.ClientDefault()
|
||||||
cfg.InsecureSkipVerify = !repoInfo.Index.Secure
|
cfg.InsecureSkipVerify = !repoInfo.Index.Secure
|
||||||
|
|
||||||
// Get certificate base directory
|
// Get certificate base directory
|
||||||
|
@ -142,7 +142,7 @@ func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, aut
|
||||||
}
|
}
|
||||||
logrus.Debugf("reading certificate directory: %s", certDir)
|
logrus.Debugf("reading certificate directory: %s", certDir)
|
||||||
|
|
||||||
if err := registry.ReadCertsDirectory(&cfg, certDir); err != nil {
|
if err := registry.ReadCertsDirectory(cfg, certDir); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -154,7 +154,7 @@ func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, aut
|
||||||
DualStack: true,
|
DualStack: true,
|
||||||
}).Dial,
|
}).Dial,
|
||||||
TLSHandshakeTimeout: 10 * time.Second,
|
TLSHandshakeTimeout: 10 * time.Second,
|
||||||
TLSClientConfig: &cfg,
|
TLSClientConfig: cfg,
|
||||||
DisableKeepAlives: true,
|
DisableKeepAlives: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -214,7 +214,7 @@ func TestFrom(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if b.noBaseImage != true {
|
if b.noBaseImage != true {
|
||||||
t.Fatalf("Image should not have any base image, got: %s", b.noBaseImage)
|
t.Fatalf("Image should not have any base image, got: %v", b.noBaseImage)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -64,7 +64,7 @@ clone git github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
|
||||||
clone git golang.org/x/net 2beffdc2e92c8a3027590f898fe88f69af48a3f8 https://github.com/tonistiigi/net.git
|
clone git golang.org/x/net 2beffdc2e92c8a3027590f898fe88f69af48a3f8 https://github.com/tonistiigi/net.git
|
||||||
clone git golang.org/x/sys eb2c74142fd19a79b3f237334c7384d5167b1b46 https://github.com/golang/sys.git
|
clone git golang.org/x/sys eb2c74142fd19a79b3f237334c7384d5167b1b46 https://github.com/golang/sys.git
|
||||||
clone git github.com/docker/go-units eb879ae3e2b84e2a142af415b679ddeda47ec71c
|
clone git github.com/docker/go-units eb879ae3e2b84e2a142af415b679ddeda47ec71c
|
||||||
clone git github.com/docker/go-connections fa2850ff103453a9ad190da0df0af134f0314b3d
|
clone git github.com/docker/go-connections 988efe982fdecb46f01d53465878ff1f2ff411ce
|
||||||
|
|
||||||
clone git github.com/docker/engine-api f9cef590446e4e6073b49b652f47a337b897c1a3
|
clone git github.com/docker/engine-api f9cef590446e4e6073b49b652f47a337b897c1a3
|
||||||
clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
|
clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
|
||||||
|
|
|
@ -17,9 +17,9 @@ import (
|
||||||
"github.com/docker/docker/opts"
|
"github.com/docker/docker/opts"
|
||||||
"github.com/docker/docker/pkg/integration/checker"
|
"github.com/docker/docker/pkg/integration/checker"
|
||||||
"github.com/docker/docker/pkg/ioutils"
|
"github.com/docker/docker/pkg/ioutils"
|
||||||
"github.com/docker/docker/pkg/tlsconfig"
|
|
||||||
"github.com/docker/engine-api/types/events"
|
"github.com/docker/engine-api/types/events"
|
||||||
"github.com/docker/go-connections/sockets"
|
"github.com/docker/go-connections/sockets"
|
||||||
|
"github.com/docker/go-connections/tlsconfig"
|
||||||
"github.com/go-check/check"
|
"github.com/go-check/check"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/docker/docker/cliconfig"
|
"github.com/docker/docker/cliconfig"
|
||||||
"github.com/docker/docker/pkg/integration/checker"
|
"github.com/docker/docker/pkg/integration/checker"
|
||||||
"github.com/docker/docker/pkg/tlsconfig"
|
"github.com/docker/go-connections/tlsconfig"
|
||||||
"github.com/go-check/check"
|
"github.com/go-check/check"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ func newTestNotary(c *check.C) (*testNotary, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *testNotary) Ping() error {
|
func (t *testNotary) Ping() error {
|
||||||
tlsConfig := tlsconfig.ClientDefault
|
tlsConfig := tlsconfig.ClientDefault()
|
||||||
tlsConfig.InsecureSkipVerify = true
|
tlsConfig.InsecureSkipVerify = true
|
||||||
client := http.Client{
|
client := http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
|
@ -146,7 +146,7 @@ func (t *testNotary) Ping() error {
|
||||||
KeepAlive: 30 * time.Second,
|
KeepAlive: 30 * time.Second,
|
||||||
}).Dial,
|
}).Dial,
|
||||||
TLSHandshakeTimeout: 10 * time.Second,
|
TLSHandshakeTimeout: 10 * time.Second,
|
||||||
TLSClientConfig: &tlsConfig,
|
TLSClientConfig: tlsConfig,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
resp, err := client.Get(fmt.Sprintf("%s/v2/", notaryURL))
|
resp, err := client.Get(fmt.Sprintf("%s/v2/", notaryURL))
|
||||||
|
|
|
@ -59,7 +59,7 @@ func TestFileSpecPlugin(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.name != c.name {
|
if p.name != c.name {
|
||||||
t.Fatalf("Expected plugin `%s`, got %s\n", c.name, p.Name)
|
t.Fatalf("Expected plugin `%s`, got %s\n", c.name, p.name)
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Addr != c.addr {
|
if p.Addr != c.addr {
|
||||||
|
@ -97,8 +97,8 @@ func TestFileJSONSpecPlugin(t *testing.T) {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if plugin.name != "example" {
|
if expected, actual := "example", plugin.name; expected != actual {
|
||||||
t.Fatalf("Expected plugin `plugin-example`, got %s\n", plugin.Name)
|
t.Fatalf("Expected plugin %q, got %s\n", expected, actual)
|
||||||
}
|
}
|
||||||
|
|
||||||
if plugin.Addr != "https://example.com/docker/plugin" {
|
if plugin.Addr != "https://example.com/docker/plugin" {
|
||||||
|
@ -138,8 +138,8 @@ func TestFileJSONSpecPluginWithoutTLSConfig(t *testing.T) {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if plugin.name != "example" {
|
if expected, actual := "example", plugin.name; expected != actual {
|
||||||
t.Fatalf("Expected plugin `plugin-example`, got %s\n", plugin.Name)
|
t.Fatalf("Expected plugin %q, got %s\n", expected, actual)
|
||||||
}
|
}
|
||||||
|
|
||||||
if plugin.Addr != "https://example.com/docker/plugin" {
|
if plugin.Addr != "https://example.com/docker/plugin" {
|
||||||
|
|
|
@ -46,7 +46,7 @@ func TestLocalSocket(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.name != "echo" {
|
if p.name != "echo" {
|
||||||
t.Fatalf("Expected plugin `echo`, got %s\n", p.Name)
|
t.Fatalf("Expected plugin `echo`, got %s\n", p.name)
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := fmt.Sprintf("unix://%s", c)
|
addr := fmt.Sprintf("unix://%s", c)
|
||||||
|
|
|
@ -52,19 +52,23 @@ var clientCipherSuites = []uint16{
|
||||||
// known weak algorithms removed.
|
// known weak algorithms removed.
|
||||||
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
|
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
|
||||||
|
|
||||||
// ServerDefault is a secure-enough TLS configuration for the server TLS configuration.
|
// ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
|
||||||
var ServerDefault = tls.Config{
|
func ServerDefault() *tls.Config {
|
||||||
// Avoid fallback to SSL protocols < TLS1.0
|
return &tls.Config{
|
||||||
MinVersion: tls.VersionTLS10,
|
// Avoid fallback to SSL protocols < TLS1.0
|
||||||
PreferServerCipherSuites: true,
|
MinVersion: tls.VersionTLS10,
|
||||||
CipherSuites: DefaultServerAcceptedCiphers,
|
PreferServerCipherSuites: true,
|
||||||
|
CipherSuites: DefaultServerAcceptedCiphers,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClientDefault is a secure-enough TLS configuration for the client TLS configuration.
|
// ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.
|
||||||
var ClientDefault = tls.Config{
|
func ClientDefault() *tls.Config {
|
||||||
// Prefer TLS1.2 as the client minimum
|
return &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
// Prefer TLS1.2 as the client minimum
|
||||||
CipherSuites: clientCipherSuites,
|
MinVersion: tls.VersionTLS12,
|
||||||
|
CipherSuites: clientCipherSuites,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
|
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
|
||||||
|
@ -78,20 +82,15 @@ func certPool(caFile string) (*x509.CertPool, error) {
|
||||||
if !certPool.AppendCertsFromPEM(pem) {
|
if !certPool.AppendCertsFromPEM(pem) {
|
||||||
return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
|
return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
|
||||||
}
|
}
|
||||||
s := certPool.Subjects()
|
logrus.Debugf("Trusting %d certs", len(certPool.Subjects()))
|
||||||
subjects := make([]string, len(s))
|
|
||||||
for i, subject := range s {
|
|
||||||
subjects[i] = string(subject)
|
|
||||||
}
|
|
||||||
logrus.Debugf("Trusting certs with subjects: %v", subjects)
|
|
||||||
return certPool, nil
|
return certPool, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Client returns a TLS configuration meant to be used by a client.
|
// Client returns a TLS configuration meant to be used by a client.
|
||||||
func Client(options Options) (*tls.Config, error) {
|
func Client(options Options) (*tls.Config, error) {
|
||||||
tlsConfig := ClientDefault
|
tlsConfig := ClientDefault()
|
||||||
tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
|
tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
|
||||||
if !options.InsecureSkipVerify {
|
if !options.InsecureSkipVerify && options.CAFile != "" {
|
||||||
CAs, err := certPool(options.CAFile)
|
CAs, err := certPool(options.CAFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -99,7 +98,7 @@ func Client(options Options) (*tls.Config, error) {
|
||||||
tlsConfig.RootCAs = CAs
|
tlsConfig.RootCAs = CAs
|
||||||
}
|
}
|
||||||
|
|
||||||
if options.CertFile != "" && options.KeyFile != "" {
|
if options.CertFile != "" || options.KeyFile != "" {
|
||||||
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
|
return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
|
||||||
|
@ -107,12 +106,12 @@ func Client(options Options) (*tls.Config, error) {
|
||||||
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Server returns a TLS configuration meant to be used by a server.
|
// Server returns a TLS configuration meant to be used by a server.
|
||||||
func Server(options Options) (*tls.Config, error) {
|
func Server(options Options) (*tls.Config, error) {
|
||||||
tlsConfig := ServerDefault
|
tlsConfig := ServerDefault()
|
||||||
tlsConfig.ClientAuth = options.ClientAuth
|
tlsConfig.ClientAuth = options.ClientAuth
|
||||||
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -129,5 +128,5 @@ func Server(options Options) (*tls.Config, error) {
|
||||||
}
|
}
|
||||||
tlsConfig.ClientCAs = CAs
|
tlsConfig.ClientCAs = CAs
|
||||||
}
|
}
|
||||||
return &tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,19 +28,19 @@ var (
|
||||||
|
|
||||||
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
||||||
// PreferredServerCipherSuites should have no effect
|
// PreferredServerCipherSuites should have no effect
|
||||||
tlsConfig := tlsconfig.ServerDefault
|
tlsConfig := tlsconfig.ServerDefault()
|
||||||
|
|
||||||
tlsConfig.InsecureSkipVerify = !isSecure
|
tlsConfig.InsecureSkipVerify = !isSecure
|
||||||
|
|
||||||
if isSecure && CertsDir != "" {
|
if isSecure && CertsDir != "" {
|
||||||
hostDir := filepath.Join(CertsDir, cleanPath(hostname))
|
hostDir := filepath.Join(CertsDir, cleanPath(hostname))
|
||||||
logrus.Debugf("hostDir: %s", hostDir)
|
logrus.Debugf("hostDir: %s", hostDir)
|
||||||
if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
|
if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func hasFile(files []os.FileInfo, name string) bool {
|
func hasFile(files []os.FileInfo, name string) bool {
|
||||||
|
@ -163,8 +163,7 @@ func addRequiredHeadersToRedirectedRequests(req *http.Request, via []*http.Reque
|
||||||
// default TLS configuration.
|
// default TLS configuration.
|
||||||
func NewTransport(tlsConfig *tls.Config) *http.Transport {
|
func NewTransport(tlsConfig *tls.Config) *http.Transport {
|
||||||
if tlsConfig == nil {
|
if tlsConfig == nil {
|
||||||
var cfg = tlsconfig.ServerDefault
|
tlsConfig = tlsconfig.ServerDefault()
|
||||||
tlsConfig = &cfg
|
|
||||||
}
|
}
|
||||||
|
|
||||||
direct := &net.Dialer{
|
direct := &net.Dialer{
|
||||||
|
|
|
@ -7,8 +7,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *DefaultService) lookupV1Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
func (s *DefaultService) lookupV1Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
var cfg = tlsconfig.ServerDefault
|
tlsConfig := tlsconfig.ServerDefault()
|
||||||
tlsConfig := &cfg
|
|
||||||
if hostname == DefaultNamespace {
|
if hostname == DefaultNamespace {
|
||||||
endpoints = append(endpoints, APIEndpoint{
|
endpoints = append(endpoints, APIEndpoint{
|
||||||
URL: DefaultV1Registry,
|
URL: DefaultV1Registry,
|
||||||
|
|
|
@ -8,8 +8,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
var cfg = tlsconfig.ServerDefault
|
tlsConfig := tlsconfig.ServerDefault()
|
||||||
tlsConfig := &cfg
|
|
||||||
if hostname == DefaultNamespace || hostname == DefaultV1Registry.Host {
|
if hostname == DefaultNamespace || hostname == DefaultV1Registry.Host {
|
||||||
// v2 mirrors
|
// v2 mirrors
|
||||||
for _, mirror := range s.config.Mirrors {
|
for _, mirror := range s.config.Mirrors {
|
||||||
|
|
|
@ -85,14 +85,10 @@ func (p Port) Port() string {
|
||||||
// Int returns the port number of a Port as an int
|
// Int returns the port number of a Port as an int
|
||||||
func (p Port) Int() int {
|
func (p Port) Int() int {
|
||||||
portStr := p.Port()
|
portStr := p.Port()
|
||||||
if len(portStr) == 0 {
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
// We don't need to check for an error because we're going to
|
// We don't need to check for an error because we're going to
|
||||||
// assume that any error would have been found, and reported, in NewPort()
|
// assume that any error would have been found, and reported, in NewPort()
|
||||||
port, _ := strconv.ParseUint(portStr, 10, 16)
|
port, _ := ParsePort(portStr)
|
||||||
return int(port)
|
return port
|
||||||
}
|
}
|
||||||
|
|
||||||
// Range returns the start/end port numbers of a Port range as ints
|
// Range returns the start/end port numbers of a Port range as ints
|
||||||
|
|
|
@ -46,19 +46,23 @@ var acceptedCBCCiphers = []uint16{
|
||||||
// known weak algorithms removed.
|
// known weak algorithms removed.
|
||||||
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
|
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
|
||||||
|
|
||||||
// ServerDefault is a secure-enough TLS configuration for the server TLS configuration.
|
// ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
|
||||||
var ServerDefault = tls.Config{
|
func ServerDefault() *tls.Config {
|
||||||
// Avoid fallback to SSL protocols < TLS1.0
|
return &tls.Config{
|
||||||
MinVersion: tls.VersionTLS10,
|
// Avoid fallback to SSL protocols < TLS1.0
|
||||||
PreferServerCipherSuites: true,
|
MinVersion: tls.VersionTLS10,
|
||||||
CipherSuites: DefaultServerAcceptedCiphers,
|
PreferServerCipherSuites: true,
|
||||||
|
CipherSuites: DefaultServerAcceptedCiphers,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClientDefault is a secure-enough TLS configuration for the client TLS configuration.
|
// ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.
|
||||||
var ClientDefault = tls.Config{
|
func ClientDefault() *tls.Config {
|
||||||
// Prefer TLS1.2 as the client minimum
|
return &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
// Prefer TLS1.2 as the client minimum
|
||||||
CipherSuites: clientCipherSuites,
|
MinVersion: tls.VersionTLS12,
|
||||||
|
CipherSuites: clientCipherSuites,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
|
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
|
||||||
|
@ -78,7 +82,7 @@ func certPool(caFile string) (*x509.CertPool, error) {
|
||||||
|
|
||||||
// Client returns a TLS configuration meant to be used by a client.
|
// Client returns a TLS configuration meant to be used by a client.
|
||||||
func Client(options Options) (*tls.Config, error) {
|
func Client(options Options) (*tls.Config, error) {
|
||||||
tlsConfig := ClientDefault
|
tlsConfig := ClientDefault()
|
||||||
tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
|
tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
|
||||||
if !options.InsecureSkipVerify && options.CAFile != "" {
|
if !options.InsecureSkipVerify && options.CAFile != "" {
|
||||||
CAs, err := certPool(options.CAFile)
|
CAs, err := certPool(options.CAFile)
|
||||||
|
@ -96,12 +100,12 @@ func Client(options Options) (*tls.Config, error) {
|
||||||
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
||||||
}
|
}
|
||||||
|
|
||||||
return &tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Server returns a TLS configuration meant to be used by a server.
|
// Server returns a TLS configuration meant to be used by a server.
|
||||||
func Server(options Options) (*tls.Config, error) {
|
func Server(options Options) (*tls.Config, error) {
|
||||||
tlsConfig := ServerDefault
|
tlsConfig := ServerDefault()
|
||||||
tlsConfig.ClientAuth = options.ClientAuth
|
tlsConfig.ClientAuth = options.ClientAuth
|
||||||
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -118,5 +122,5 @@ func Server(options Options) (*tls.Config, error) {
|
||||||
}
|
}
|
||||||
tlsConfig.ClientCAs = CAs
|
tlsConfig.ClientCAs = CAs
|
||||||
}
|
}
|
||||||
return &tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче