add CA config option

2015-04-28 00:28:44 -07:00 · 2015-04-28 00:28:44 -07:00 · 5938d9e09c
parent e85af39e21
commit 5938d9e09c
5 changed files with 11 additions and 5 deletions
--- a/cmd/vetinari-server/dev-config.json
+++ b/cmd/vetinari-server/dev-config.json
@ -1,8 +1,9 @@
 {
 	"server": {
 		"addr": ":4443",
-		"tls_cert_file": "../../fixtures/ca.pem",
-		"tls_key_file": "../../fixtures/ca-key.pem"
+		"tls_cert_file": "../../fixtures/vetinari.key",
+		"tls_key_file": "../../fixtures/vetinari.pem",
+		"tls_ca_file": "/go/src/github.com/docker/vetinari/fixtures/ca.cert"
 	},
 	"trust_service": {
 		"type": "remote",
--- a/config/config.go
+++ b/config/config.go
@ -18,6 +18,7 @@ type ServerConf struct {
 	Addr        string `json:"addr"`
 	TLSCertFile string `json:"tls_cert_file"`
 	TLSKeyFile  string `json:"tls_key_file"`
+	TLSCAFile  string `json:"tls_ca_file,omitempty"`
 }

 // TrustServiceConf specificies the service to use for signing.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,6 +4,7 @@ vetinari:
   - rufus
  ports:
   - "8080:8080"
+   - "127.0.0.1:4443:4443"
 rufus:
  build: ../rufus
  ports:
--- a/server/rufus_trust.go
+++ b/server/rufus_trust.go
@ -21,10 +21,13 @@ type RufusSigner struct {
 	sClient  pb.SignerClient
 }

-func newRufusSigner(hostname string, port string) *RufusSigner {
+func newRufusSigner(hostname string, port string, tlscafile string) *RufusSigner {
 	var opts []grpc.DialOption
 	netAddr := net.JoinHostPort(hostname, port)
-	creds := credentials.NewClientTLSFromCert(nil, hostname)
+	creds, err := credentials.NewClientTLSFromFile(tlscafile, hostname)
+	if err != nil {
+		log.Fatalf("fail to read: %v", err)
+	}
 	opts = append(opts, grpc.WithTransportCredentials(creds))
 	conn, err := grpc.Dial(netAddr, opts...)
 	if err != nil {
--- a/server/server.go
+++ b/server/server.go
@ -24,7 +24,7 @@ func Run(ctx context.Context, conf *config.Configuration) error {
 	var trust signed.TrustService
 	if conf.TrustService.Type == "remote" {
 		log.Println("[Vetinari Server] : Using remote signing service")
-		trust = newRufusSigner(conf.TrustService.Hostname, conf.TrustService.Port)
+		trust = newRufusSigner(conf.TrustService.Hostname, conf.TrustService.Port, conf.Server.TLSCAFile)
 	} else {
 		log.Println("[Vetinari Server] : Using local signing service")
 		trust = signed.NewEd25519()