Remove mTLS client requirement in /roots and /federation

This commit is contained in:
Mariano Cano 2019-01-11 19:08:08 -08:00
parent 9adc65febf
commit 518b597535
10 changed files with 162 additions and 233 deletions


@ -41,10 +41,7 @@ func (c *Client) GetClientTLSConfig(ctx context.Context, sign *api.SignResponse,
}
// Apply options if given
tlsCtx, err := newTLSOptionCtx(c, sign, pk, tlsConfig)
if err != nil {
return nil, err
}
tlsCtx := newTLSOptionCtx(c, tlsConfig)
if err := tlsCtx.apply(options); err != nil {
return nil, err
}
@ -56,6 +53,9 @@ func (c *Client) GetClientTLSConfig(ctx context.Context, sign *api.SignResponse,
}
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
// Update client transport
c.client.Transport = tr
// Start renewer
renewer.RunContext(ctx)
return tlsConfig, nil
@ -91,10 +91,7 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
}
// Apply options if given
tlsCtx, err := newTLSOptionCtx(c, sign, pk, tlsConfig)
if err != nil {
return nil, err
}
tlsCtx := newTLSOptionCtx(c, tlsConfig)
if err := tlsCtx.apply(options); err != nil {
return nil, err
}
@ -106,6 +103,9 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
}
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
// Update client transport
c.client.Transport = tr
// Start renewer
renewer.RunContext(ctx)
return tlsConfig, nil
@ -249,7 +249,7 @@ func getPEM(i interface{}) ([]byte, error) {
func getRenewFunc(ctx *TLSOptionCtx, client *Client, tr *http.Transport, pk crypto.PrivateKey) RenewFunc {
return func() (*tls.Certificate, error) {
// Get updated list of roots
if err := ctx.applyRenew(tr); err != nil {
if err := ctx.applyRenew(); err != nil {
return nil, err
}
// Get new certificate