fs:Added multiple ca certificate support.
This commit is contained in:
parent
844e8fb8bd
commit
6b17044f8e
4 changed files with 19 additions and 15 deletions
@ -2099,9 +2099,9 @@ these options. For example this can be very useful with the HTTP or
WebDAV backends. Rclone HTTP servers have their own set of
WebDAV backends. Rclone HTTP servers have their own set of
configuration for SSL/TLS which you can find in their documentation.
configuration for SSL/TLS which you can find in their documentation.
### --ca-cert string
### --ca-cert stringArray
This loads the PEM encoded certificate authority certificate and uses
This loads the PEM encoded certificate authority certificates and uses
it to verify the certificates of the servers rclone connects to.
it to verify the certificates of the servers rclone connects to.
If you have generated certificates signed with a local CA then you
If you have generated certificates signed with a local CA then you
@ -120,9 +120,9 @@ type ConfigInfo struct {
ProgressTerminalTitle bool
ProgressTerminalTitle bool
Cookie bool
Cookie bool
UseMmap bool
UseMmap bool
CaCert string // Client Side CA
CaCert []string // Client Side CA
ClientCert string // Client Side Cert
ClientCert string // Client Side Cert
ClientKey string // Client Side Key
ClientKey string // Client Side Key
MultiThreadCutoff SizeSuffix
MultiThreadCutoff SizeSuffix
MultiThreadStreams int
MultiThreadStreams int
MultiThreadSet bool // whether MultiThreadStreams was set (set in fs/config/configflags)
MultiThreadSet bool // whether MultiThreadStreams was set (set in fs/config/configflags)
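Review bot: The comment on the retyped field at the `CaCert []string // Client Side CA` line still reads as a single value and does not say what the strings are, while the transport hunk of this commit reads each entry with os.ReadFile and feeds it to AppendCertsFromPEM. Suggest `CaCert []string // Client Side CA certificate files (PEM), one path per entry` so a reader of the struct knows these are file paths rather than certificate contents. The ConfigInfo struct continues outside the hunk.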
@ -120,7 +120,7 @@ func AddFlags(ci *fs.ConfigInfo, flagSet *pflag.FlagSet) {
flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)")
flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)")
flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar")
flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar")
flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)")
flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)")
flags.StringVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth")
flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth")
flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth")
flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth")
flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size")
flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size")
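Review bot: The help text on the changed `flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", ...)` line still says "CA certificate used to verify servers", which reads as a single value now that the flag is a string array and the docs hunk renames it to `--ca-cert stringArray`. Suggest `"CA certificate used to verify servers (can be repeated)"`, which matches the per-entry loop in the transport hunk. AddFlags continues outside the hunk.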
@ -72,16 +72,20 @@ func NewTransportCustom(ctx context.Context, customize func(*http.Transport)) ht
t.TLSClientConfig.Certificates = []tls.Certificate{cert}
t.TLSClientConfig.Certificates = []tls.Certificate{cert}
}
}
// Load CA cert
// Load CA certs
if ci.CaCert != "" {
if len(ci.CaCert) != 0 {
caCert, err := os.ReadFile(ci.CaCert)
if err != nil {
log.Fatalf("Failed to read --ca-cert: %v", err)
}
caCertPool := x509.NewCertPool()
caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(caCert)
if !ok {
for _, cert := range ci.CaCert {
log.Fatalf("Failed to add certificates from --ca-cert")
caCert, err := os.ReadFile(cert)
if err != nil {
log.Fatalf("Failed to read --ca-cert file %q : %v", cert, err)
}
ok := caCertPool.AppendCertsFromPEM(caCert)
if !ok {
log.Fatalf("Failed to add certificates from --ca-cert file %q", cert)
}
}
}
t.TLSClientConfig.RootCAs = caCertPool
t.TLSClientConfig.RootCAs = caCertPool
}
}
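Review bot: The new loop at `for _, cert := range ci.CaCert {` reuses the name `cert` for a file path, a few lines below the `t.TLSClientConfig.Certificates = []tls.Certificate{cert}` line where `cert` holds the client certificate, so the same name stands for two different kinds of value within one function. Renaming to `for _, caCertFile := range ci.CaCert {` with `pemData, err := os.ReadFile(caCertFile)` and using `caCertFile` in the two Fatalf messages keeps the path and the PEM bytes distinct. The `// Load CA certs` comment could also record that assigning the pool to `t.TLSClientConfig.RootCAs` makes these files the only trusted roots for server verification, replacing the system roots; that was already the behaviour for a single file, and it now applies to the union of every listed file, which is worth stating where the pool is built. Whether the earlier `cert` is still in scope at the loop depends on the brace structure before the hunk, and the body of NewTransportCustom starts outside it.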