forked from External/ergo
refactor listener config loading
parent
0a67963f43
commit
5d0b8390e9
3 changed files with 82 additions and 105 deletions
|
|
@ -41,16 +41,11 @@ type TLSListenConfig struct {
|
|||
Key string
|
||||
}
|
||||
|
||||
// Config returns the TLS contiguration assicated with this TLSListenConfig.
|
||||
func (conf *TLSListenConfig) Config() (*tls.Config, error) {
|
||||
cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
|
||||
if err != nil {
|
||||
return nil, ErrInvalidCertKeyPair
|
||||
}
|
||||
|
||||
return &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
}, err
|
||||
// listenerConfig is the config governing a particular listener (bound address),
|
||||
// in particular whether it has TLS or Tor (or both) enabled.
|
||||
type listenerConfig struct {
|
||||
TLSConfig *tls.Config
|
||||
IsTor bool
|
||||
}
|
||||
|
||||
type AccountConfig struct {
|
||||
|
|
@ -277,9 +272,10 @@ type Config struct {
|
|||
Name string
|
||||
nameCasefolded string
|
||||
Listen []string
|
||||
UnixBindMode os.FileMode `yaml:"unix-bind-mode"`
|
||||
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
|
||||
TorListeners TorListenersConfig `yaml:"tor-listeners"`
|
||||
UnixBindMode os.FileMode `yaml:"unix-bind-mode"`
|
||||
TLSListeners map[string]TLSListenConfig `yaml:"tls-listeners"`
|
||||
TorListeners TorListenersConfig `yaml:"tor-listeners"`
|
||||
listeners map[string]listenerConfig
|
||||
STS STSConfig
|
||||
CheckIdent bool `yaml:"check-ident"`
|
||||
MOTD string
|
||||
|
|
@ -485,18 +481,33 @@ func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error
|
|||
return operators, nil
|
||||
}
|
||||
|
||||
// TLSListeners returns a list of TLS listeners and their configs.
|
||||
func (conf *Config) TLSListeners() (map[string]*tls.Config, error) {
|
||||
tlsListeners := make(map[string]*tls.Config)
|
||||
for s, tlsListenersConf := range conf.Server.TLSListeners {
|
||||
config, err := tlsListenersConf.Config()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
config.ClientAuth = tls.RequestClientCert
|
||||
tlsListeners[s] = config
|
||||
// prepareListeners populates Config.Server.listeners
|
||||
func (conf *Config) prepareListeners() (err error) {
|
||||
torListeners := make(map[string]bool, len(conf.Server.TorListeners.Listeners))
|
||||
for _, addr := range conf.Server.TorListeners.Listeners {
|
||||
torListeners[addr] = true
|
||||
}
|
||||
return tlsListeners, nil
|
||||
|
||||
conf.Server.listeners = make(map[string]listenerConfig, len(conf.Server.Listen))
|
||||
|
||||
for _, addr := range conf.Server.Listen {
|
||||
var lconf listenerConfig
|
||||
lconf.IsTor = torListeners[addr]
|
||||
tlsListenConf, ok := conf.Server.TLSListeners[addr]
|
||||
if ok {
|
||||
cert, err := tls.LoadX509KeyPair(tlsListenConf.Cert, tlsListenConf.Key)
|
||||
if err != nil {
|
||||
return ErrInvalidCertKeyPair
|
||||
}
|
||||
tlsConfig := tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
ClientAuth: tls.RequestClientCert,
|
||||
}
|
||||
lconf.TLSConfig = &tlsConfig
|
||||
}
|
||||
conf.Server.listeners[addr] = lconf
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// LoadConfig loads the given YAML configuration file.
|
||||
|
|
@ -757,5 +768,10 @@ func LoadConfig(filename string) (config *Config, err error) {
|
|||
}
|
||||
}
|
||||
|
||||
err = config.prepareListeners()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to prepare listeners: %v", err)
|
||||
}
|
||||
|
||||
return config, nil
|
||||
}
|
||||
|
|
|
|||
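Review bot: In `prepareListeners`, a listener gets TLS only when a `tls-listeners` key is exactly equal to an entry in `listen`, so a key that matches nothing (a typo or a differently written address) is silently dropped and the intended TLS port is configured as plaintext. The same holds for `tor-listeners`: an address that is not in `listen` never sets `IsTor`, so that listener would be handled as an ordinary one. Nothing visible on this page rejects such entries, so I would fail config loading after the loop when either map has a key with no matching listener, as in the block below. Separately, `return ErrInvalidCertKeyPair` discards both the address and the error from `tls.LoadX509KeyPair`, which hides which certificate or key file is wrong; if callers do not compare against the sentinel, include `addr` and `err` in the returned error.

```go
	// … unchanged: loop over conf.Server.Listen filling conf.Server.listeners …
	for addr := range conf.Server.TLSListeners {
		if _, ok := conf.Server.listeners[addr]; !ok {
			return fmt.Errorf("tls-listeners entry %q matches no address in listen", addr)
		}
	}
	for addr := range torListeners {
		if _, ok := conf.Server.listeners[addr]; !ok {
			return fmt.Errorf("tor-listeners entry %q matches no address in listen", addr)
		}
	}
	return nil
```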