fs:Added multiple ca certificate support.
parent
844e8fb8bd
commit
6b17044f8e
4 changed files with 19 additions and 15 deletions
|
@ -2099,9 +2099,9 @@ these options. For example this can be very useful with the HTTP or
|
|||
WebDAV backends. Rclone HTTP servers have their own set of
|
||||
configuration for SSL/TLS which you can find in their documentation.
|
||||
|
||||
### --ca-cert string
|
||||
### --ca-cert stringArray
|
||||
|
||||
This loads the PEM encoded certificate authority certificate and uses
|
||||
This loads the PEM encoded certificate authority certificates and uses
|
||||
it to verify the certificates of the servers rclone connects to.
|
||||
|
||||
If you have generated certificates signed with a local CA then you
|
||||
|
|
|
@ -120,9 +120,9 @@ type ConfigInfo struct {
|
|||
ProgressTerminalTitle bool
|
||||
Cookie bool
|
||||
UseMmap bool
|
||||
CaCert string // Client Side CA
|
||||
ClientCert string // Client Side Cert
|
||||
ClientKey string // Client Side Key
|
||||
CaCert []string // Client Side CA
|
||||
ClientCert string // Client Side Cert
|
||||
ClientKey string // Client Side Key
|
||||
MultiThreadCutoff SizeSuffix
|
||||
MultiThreadStreams int
|
||||
MultiThreadSet bool // whether MultiThreadStreams was set (set in fs/config/configflags)
|
||||
|
|
|
@ -120,7 +120,7 @@ func AddFlags(ci *fs.ConfigInfo, flagSet *pflag.FlagSet) {
|
|||
flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)")
|
||||
flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar")
|
||||
flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)")
|
||||
flags.StringVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
|
||||
flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
|
||||
flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth")
|
||||
flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth")
|
||||
flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size")
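Review bot: The help string on the changed `ca-cert` line still describes a single certificate, so `--help` gives no hint that the flag can now be repeated. Consider `"CA certificate used to verify servers (may be given multiple times)"`. If `flags.StringArrayVarP` follows pflag's string-array semantics (presumably, since the wrapper is not visible here), each occurrence is kept as one value and a comma-separated list is treated as a single path, which is worth stating in the docs entry for `--ca-cert`. AddFlags starts and ends outside this hunk.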
|
||||
|
|
|
@ -72,16 +72,20 @@ func NewTransportCustom(ctx context.Context, customize func(*http.Transport)) ht
|
|||
t.TLSClientConfig.Certificates = []tls.Certificate{cert}
|
||||
}
|
||||
|
||||
// Load CA cert
|
||||
if ci.CaCert != "" {
|
||||
caCert, err := os.ReadFile(ci.CaCert)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to read --ca-cert: %v", err)
|
||||
}
|
||||
// Load CA certs
|
||||
if len(ci.CaCert) != 0 {
|
||||
|
||||
caCertPool := x509.NewCertPool()
|
||||
ok := caCertPool.AppendCertsFromPEM(caCert)
|
||||
if !ok {
|
||||
log.Fatalf("Failed to add certificates from --ca-cert")
|
||||
|
||||
for _, cert := range ci.CaCert {
|
||||
caCert, err := os.ReadFile(cert)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to read --ca-cert file %q : %v", cert, err)
|
||||
}
|
||||
ok := caCertPool.AppendCertsFromPEM(caCert)
|
||||
if !ok {
|
||||
log.Fatalf("Failed to add certificates from --ca-cert file %q", cert)
|
||||
}
|
||||
}
|
||||
t.TLSClientConfig.RootCAs = caCertPool
|
||||
}
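Review bot: Assigning the freshly built pool to `t.TLSClientConfig.RootCAs` means the host's root CA set is no longer consulted once any `--ca-cert` is given, and nothing in this block says so. A comment above the assignment such as `// A non-nil RootCAs replaces the system trust store: only CAs loaded from --ca-cert are trusted.` would make the trust boundary explicit now that several files feed the pool. In the new loop, `AppendCertsFromPEM` reports success as soon as one certificate in a file parses, so a bundle with a damaged entry loads partially and silently; a comment next to the `!ok` check should say this. On style, the loop variable `cert` holds a file path and would read better as `caFile`, and `"Failed to read --ca-cert file %q : %v"` has a stray space before the colon. NewTransportCustom starts and ends outside this hunk.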
|
||||
|
|