/tls/configure -- certificates/keys are now transferred encoded with base64
This commit is contained in:
parent
93847bd309
commit
d42718465d
20
control.go
20
control.go
|
@ -5,6 +5,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
@ -1048,7 +1049,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = tls.X509KeyPair([]byte(data.CertificateChain), []byte(data.PrivateKey))
|
certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
|
||||||
|
if err != nil {
|
||||||
|
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
|
||||||
|
if err != nil {
|
||||||
|
httpError(w, http.StatusBadRequest, "Failed to base64-decode private key: %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("got certificate: %s", certPEM)
|
||||||
|
|
||||||
|
_, err = tls.X509KeyPair(certPEM, keyPEM)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
|
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
|
||||||
return
|
return
|
||||||
|
@ -1058,7 +1073,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
var certs []*pem.Block // PEM-encoded certificates
|
var certs []*pem.Block // PEM-encoded certificates
|
||||||
var skippedBytes []string // skipped bytes
|
var skippedBytes []string // skipped bytes
|
||||||
|
|
||||||
pemblock := []byte(data.CertificateChain)
|
pemblock := []byte(certPEM)
|
||||||
for {
|
for {
|
||||||
var decoded *pem.Block
|
var decoded *pem.Block
|
||||||
decoded, pemblock = pem.Decode(pemblock)
|
decoded, pemblock = pem.Decode(pemblock)
|
||||||
|
@ -1109,6 +1124,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
mainCert := parsedCerts[0]
|
mainCert := parsedCerts[0]
|
||||||
_, err = mainCert.Verify(opts)
|
_, err = mainCert.Verify(opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
// TODO: let self-signed certs through
|
||||||
httpError(w, http.StatusBadRequest, "Your certificate does not verify: %s", err)
|
httpError(w, http.StatusBadRequest, "Your certificate does not verify: %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue