fix loaded CA certs

Signed-off-by: ezgidemirel <ezgidemirel91@gmail.com>
ezgidemirel 2023-03-09 16:22:14 +03:00
parent fc63b94eb5
commit 7a2ca31e32
No known key found for this signature in database
GPG Key ID: 89568F0941364589
1 changed files with 5 additions and 3 deletions


@ -39,7 +39,7 @@ const (
)
// Load loads TLS certificates in the given folder assuming certificate names are constant.
func Load(certsFolderPath string, requireClientCert bool) (*tls.Config, error) {
func Load(certsFolderPath string, isServer bool) (*tls.Config, error) {
tlsCertFilePath := filepath.Join(certsFolderPath, tlsCertFileName)
tlsKeyFilePath := filepath.Join(certsFolderPath, tlsKeyFileName)
certificate, err := tls.LoadX509KeyPair(tlsCertFilePath, tlsKeyFilePath)
@ -61,11 +61,13 @@ func Load(certsFolderPath string, requireClientCert bool) (*tls.Config, error) {
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS12,
Certificates: []tls.Certificate{certificate},
RootCAs: pool,
}
if requireClientCert {
if isServer {
tlsConfig.ClientCAs = pool
tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
} else {
tlsConfig.RootCAs = pool
}
return tlsConfig, nil
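Review bot: The doc comment above `Load` still describes only the folder layout, while the renamed `isServer` flag now selects between two different trust setups in the `if isServer` branch: `ClientCAs` with `tls.RequireAndVerifyClientCert` for a server, `RootCAs` for a client. Because `RootCAs` is now left nil in the server case, crypto/tls falls back to the host's root CA set when that config is used to dial out, so a config loaded with `isServer` true should not be reused for outbound connections that are meant to trust only this pool; whether any caller does that is not visible here. I would extend the comment with `// When isServer is true the CA pool is set as ClientCAs and client certificates are required and verified; otherwise it is set as RootCAs for verifying the peer server.` The code that builds `pool` and the closing brace of `Load` lie outside the shown hunks.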