feat(tls): rewrite tls feature
parent
82c018a2f6
commit
6a2ec4b52b
3
Makefile
3
Makefile
|
@ -8,6 +8,9 @@ VERSION := 0.3.8
|
|||
PROMETHEUS_TAG := github.com/prometheus/common/version
|
||||
KVM_PKG_NAME := github.com/jetkvm/kvm
|
||||
|
||||
PROMETHEUS_TAG := github.com/prometheus/common/version
|
||||
KVM_PKG_NAME := github.com/jetkvm/kvm
|
||||
|
||||
GO_LDFLAGS := \
|
||||
-s -w \
|
||||
-X $(PROMETHEUS_TAG).Branch=$(BRANCH) \
|
||||
|
|
|
@ -144,6 +144,51 @@ func (s *CertStore) ValidateAndSaveCertificate(hostname string, cert string, key
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
// GetCertificate returns the certificate for the given hostname
|
||||
// returns nil if the certificate is not found
|
||||
func (s *CertStore) GetCertificate(hostname string) *tls.Certificate {
|
||||
s.certLock.Lock()
|
||||
defer s.certLock.Unlock()
|
||||
|
||||
return s.certificates[hostname]
|
||||
}
|
||||
|
||||
// ValidateAndSaveCertificate validates the certificate and saves it to the store
|
||||
// returns are:
|
||||
// - error: if the certificate is invalid or if there's any error during saving the certificate
|
||||
// - error: if there's any warning or error during saving the certificate
|
||||
func (s *CertStore) ValidateAndSaveCertificate(hostname string, cert string, key string, ignoreWarning bool) (error, error) {
|
||||
tlsCert, err := tls.X509KeyPair([]byte(cert), []byte(key))
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to parse certificate: %w", err), nil
|
||||
}
|
||||
|
||||
// this can be skipped as current implementation supports one custom certificate only
|
||||
if tlsCert.Leaf != nil {
|
||||
// add recover to avoid panic
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
s.log.Errorf("Failed to verify hostname: %v", r)
|
||||
}
|
||||
}()
|
||||
|
||||
if err = tlsCert.Leaf.VerifyHostname(hostname); err != nil {
|
||||
if !ignoreWarning {
|
||||
return nil, fmt.Errorf("Certificate does not match hostname: %w", err)
|
||||
}
|
||||
s.log.Warnf("Certificate does not match hostname: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
s.certLock.Lock()
|
||||
s.certificates[hostname] = &tlsCert
|
||||
s.certLock.Unlock()
|
||||
|
||||
s.saveCertificate(hostname)
|
||||
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *CertStore) saveCertificate(hostname string) {
|
||||
// check if certificate already exists
|
||||
tlsCert := s.certificates[hostname]
|
||||
|
|
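Review bot: The hostname check guarded by `if tlsCert.Leaf != nil {` is silently skipped whenever Leaf is nil, and before Go 1.23 tls.X509KeyPair does not populate Leaf at all (the go.mod toolchain version is not visible here), so on older toolchains a certificate issued for a different host is stored without even the warning; parsing the leaf from `tlsCert.Certificate[0]` with crypto/x509 when it is missing, as in the excerpt below, makes the check unconditional. The deferred recover registered inside that branch is function-scoped: any panic after it (including in saveCertificate) is logged and the function then returns the zero results `nil, nil`, so the caller sees success although nothing was stored; either name the results and set an error in the recover, or drop the recover since VerifyHostname on a parsed leaf does not panic. saveCertificate reads `s.certificates[hostname]` after the lock was released at `s.certLock.Unlock()`, which races with a concurrent ValidateAndSaveCertificate for another caller; passing the `*tls.Certificate` into saveCertificate, or holding certLock across the save, avoids it (saveCertificate's body continues outside the hunk). As a point of style, the `(error, error)` result pair is flagged by staticcheck (ST1008) and the two error strings start with a capital letter; a named pair such as `(warning error, err error)` documents which is which.
```go
	// tls.X509KeyPair only sets Leaf on newer toolchains; parse it ourselves otherwise.
	leaf := tlsCert.Leaf
	if leaf == nil && len(tlsCert.Certificate) > 0 {
		leaf, err = x509.ParseCertificate(tlsCert.Certificate[0])
		if err != nil {
			return fmt.Errorf("Failed to parse certificate: %w", err), nil
		}
	}
	if err = leaf.VerifyHostname(hostname); err != nil {
		if !ignoreWarning {
			return nil, fmt.Errorf("Certificate does not match hostname: %w", err)
		}
		s.log.Warnf("Certificate does not match hostname: %v", err)
	}
	// … unchanged: store under certLock and saveCertificate …
```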