Validate certificates and update certificate statuses on launch as well.

This commit is contained in:
Eugene Bujak 2019-02-13 11:45:23 +03:00 committed by Eugene Bujak
parent bdec98f18e
commit 571be68733
3 changed files with 29 additions and 13 deletions

app.go

@ -177,20 +177,30 @@ func run(args options) {
httpsServer.cond.Wait() httpsServer.cond.Wait()
} }
address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS)) address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS))
// validate current TLS config and update warnings (it could have been loaded from file)
data, err := validateCertificates(config.TLS)
if err != nil {
log.Fatal(err)
os.Exit(1)
}
confing.TLS = data // update warnings
// prepare cert for HTTPS server
cert, err := tls.X509KeyPair([]byte(config.TLS.CertificateChain), []byte(config.TLS.PrivateKey)) cert, err := tls.X509KeyPair([]byte(config.TLS.CertificateChain), []byte(config.TLS.PrivateKey))
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
os.Exit(1) os.Exit(1)
} }
config := &tls.Config{
Certificates: []tls.Certificate{cert},
}
httpsServer.server = &http.Server{
Addr: address,
TLSConfig: config,
}
httpsServer.cond.L.Unlock() httpsServer.cond.L.Unlock()
// prepare HTTPS server
httpsServer.server = &http.Server{
Addr: address,
TLSConfig: &tls.Config{
Certificates: []tls.Certificate{cert},
},
}
URL := fmt.Sprintf("https://%s", address) URL := fmt.Sprintf("https://%s", address)
log.Println("Go to " + URL) log.Println("Go to " + URL)
err = httpsServer.server.ListenAndServeTLS("", "") err = httpsServer.server.ListenAndServeTLS("", "")
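Review bot: `confing.TLS = data // update warnings` in the new validation block names an identifier that appears nowhere else in the hunk; unless `confing` is declared elsewhere this does not compile, and the intent is evidently `config.TLS = data`. The `os.Exit(1)` following `log.Fatal(err)` in both error paths is unreachable, since log.Fatal already exits with status 1. Because validateCertificates now runs at launch and its error is fatal, a chain that fails the `mainCert.Verify(opts)` check (a self-signed or private-CA certificate, which `tls.X509KeyPair` alone accepted before this commit) will, per the TODO in that function, stop the server from starting at all — either downgrade that case to a warning as the TODO proposes or document the new requirement. While the server setup is being moved, `TLSConfig: &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}` would keep the admin interface from negotiating TLS 1.0/1.1; run's body starts before this hunk and continues after it.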


@ -70,15 +70,18 @@ type tlsConfigSettings struct {
dnsforward.TLSConfig `yaml:",inline" json:",inline"` dnsforward.TLSConfig `yaml:",inline" json:",inline"`
} }
// field ordering is not important -- these are for API and are recalculated on each run
type tlsConfigStatus struct {
StatusCertificate string `yaml:"-" json:"status_cert,omitempty"`
StatusKey string `yaml:"-" json:"status_key,omitempty"`
Warning string `yaml:"-" json:"warning,omitempty"`
WarningValidation string `yaml:"-" json:"warning_validation,omitempty"`
}
// field ordering is important -- yaml fields will mirror ordering from here // field ordering is important -- yaml fields will mirror ordering from here
type tlsConfig struct { type tlsConfig struct {
tlsConfigSettings `yaml:",inline" json:",inline"` tlsConfigSettings `yaml:",inline" json:",inline"`
tlsConfigStatus `yaml:"-" json:",inline"`
// only for API, no need to be stored in config
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
StatusKey string `yaml:"status_key" json:"status_key,omitempty"`
Warning string `yaml:"warning" json:"warning,omitempty"`
WarningValidation string `yaml:"warning_validation" json:"warning_validation,omitempty"`
} }
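Review bot: The `json:",inline"` option on the embedded `tlsConfigStatus` field is not an option encoding/json recognizes — anonymous struct fields are promoted automatically and unknown options are ignored — so if this struct is marshalled with encoding/json the tag is a no-op and could be reduced to `json:""` or dropped; it only reads as meaningful because yaml.v2 does honour `inline`. Switching the status fields to `yaml:"-"` is the right move: they are recomputed on each run, and persisting them meant a hand-edited config file could seed status_cert/status_key/warning text that the API would echo back. A one-line comment on the embed would make the intent explicit, e.g. `// runtime-only status, never read from or written to the YAML config`. The tlsConfigSettings definition starts before this hunk.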
// initialize to default values, will be changed later when reading config or parsing command line // initialize to default values, will be changed later when reading config or parsing command line


@ -1156,6 +1156,9 @@ func validateCertificates(data tlsConfig) (tlsConfig, error) {
opts.Intermediates = pool opts.Intermediates = pool
} }
// clear out all warnings and statuses
data.tlsConfigStatus = tlsConfigStatus{}
// TODO: save it as a warning rather than error it out -- shouldn't be a big problem // TODO: save it as a warning rather than error it out -- shouldn't be a big problem
mainCert := parsedCerts[0] mainCert := parsedCerts[0]
_, err := mainCert.Verify(opts) _, err := mainCert.Verify(opts)
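Review bot: The reset `data.tlsConfigStatus = tlsConfigStatus{}` sits in the middle of validateCertificates, after the chain has already been parsed (`parsedCerts[0]` is read on the next line); since `data` is a copy of the caller's tlsConfig including its previous status fields, any return before this point would hand back the stale StatusCertificate/StatusKey/Warning values from the last run instead of a fresh result. Moving the clear to the first statement of the function, ahead of any early return, makes the "recalculated on each run" contract hold on every path. The function starts before this hunk and the handling of the `Verify` error is outside it, so this is inferred from the visible lines. The TODO above `mainCert.Verify(opts)` also becomes load-bearing with this commit: the result is now checked at launch and a returned error is fatal there, so operators with self-signed or private-CA certificates cannot start the server until that case is turned into a warning.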