Ying Li
b1fdea5b56
Add shared config file parsing to the utils package.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-30 10:58:57 -08:00
Miloslav Trmač
40bfc3f890
Don't use elliptic.P224()
This curve is not available on Fedora and RHEL systems, so removing the
reference allows tests to pass there. The vast majority of the
curve-specific work is done in the golang crypto/elliptic package, so
this does not weaken the tests noticeably.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:44:05 +01:00
Ying Li
15c3bbeb9c
Remove explicit test for parsing garbage in certs.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 20:55:59 -07:00
Ying Li
09dc607bef
Read multiple CA certs from a single PEM file - thanks @mtrmac!
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 15:56:47 -07:00
Ying Li
61f9f84254
Use configuration option structures to set up client TLS and server TLS.
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:43:33 -07:00
Ying Li
fb81aaed10
Add test for if the client CA dir is empty
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
Ying Li
fb1013b997
Add servername to the client TLS config, and use it to build notary-server's
TLS connection to notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Ying Li
b399783eee
Slight refactoring of ConfigureServerTLS and added a ConfigureClientTLS
as well.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Ying Li
7356dfd273
Change ConfigServerTLS to take a client CA directory instead of certs
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Ying Li
77dc081ead
Add a utility which generates a tls configuration for you given the
requisite certs.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00