fix: also add ca to RootCAs (#2516)

Signed-off-by: MisakaCloud <xjdzch@126.com>
MisakaCloud 2023-07-06 17:28:16 +08:00 committed by GitHub
parent 1da355018b
commit 512ad52c73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 1 deletions


@ -504,6 +504,7 @@ func (*clientDaemon) prepareTCPListener(opt config.ListenOption, withTLS bool) (
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(opt.Security.CACert)) caCertPool.AppendCertsFromPEM([]byte(opt.Security.CACert))
tlsConfig.ClientCAs = caCertPool tlsConfig.ClientCAs = caCertPool
tlsConfig.RootCAs = caCertPool
if opt.Security.TLSVerify { if opt.Security.TLSVerify {
tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
} }
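Review bot: The added `tlsConfig.RootCAs = caCertPool` reuses a pool whose `AppendCertsFromPEM` result is discarded two lines above it. If `opt.Security.CACert` holds no parsable certificate, `RootCAs` becomes a non-nil empty pool, so any outbound handshake made with this config rejects every peer and gives no hint that the CA bundle is the cause. Capture the result with `ok := caCertPool.AppendCertsFromPEM([]byte(opt.Security.CACert))` and return an error when it is false, so the misconfiguration surfaces at startup. Because crypto/tls reads `RootCAs` only when acting as a client, a comment like `// RootCAs is used when this config is reused for outbound connections` would explain why a listener config sets it, if that reuse is indeed the intent. The body of prepareTCPListener starts and ends outside this hunk.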


@ -153,7 +153,10 @@ func NewPieceDownloader(timeout time.Duration, caCertPool *x509.CertPool) PieceD
if caCertPool != nil { if caCertPool != nil {
pd.scheme = "https" pd.scheme = "https"
defaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{ClientCAs: caCertPool} defaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
ClientCAs: caCertPool,
RootCAs: caCertPool,
}
} }
return pd return pd
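Review bot: In the new `tls.Config` literal, `ClientCAs` has no effect, because crypto/tls consults it only on the server side of a handshake. On this client transport `RootCAs` alone decides which servers are trusted, so the literal can be reduced to `&tls.Config{RootCAs: caCertPool}`. Setting `RootCAs` also replaces the system trust store for this transport. If `defaultTransport` is shared with requests to hosts whose certificates come from a public CA (not visible here), those requests will start failing verification. A comment such as `// RootCAs replaces the system pool: only servers signed by the configured CA are trusted` would record that decision. The body of NewPieceDownloader starts outside this hunk.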


@ -64,6 +64,7 @@ func NewServerCredentialsByCertify(tlsPolicy string, tlsVerify bool, pemClientCA
return certifyClient.GetCertificate(hello) return certifyClient.GetCertificate(hello)
}, },
ClientCAs: certPool, ClientCAs: certPool,
RootCAs: certPool,
} }
if tlsVerify { if tlsVerify {