forked from TrueCloudLab/certificates
Add note about using a second (unsecured) server
This commit is contained in:
parent
9e43dc85d8
commit
78d78580b2
1 changed files with 20 additions and 10 deletions
28
ca/ca.go
28
ca/ca.go
|
@ -147,6 +147,13 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
|
|||
|
||||
// TODO: THIS SHOULDN'T HAPPEN (or should become configurable)
|
||||
// Current SCEP client I'm testing with doesn't seem to easily trust untrusted certs.
|
||||
// Idea: provide a second mux/handler that runs without TLS. It probably should only
|
||||
// have routes that are intended to be ran without TLS, like the SCEP ones. Look into
|
||||
// option to not enable it in case no SCEP providers are configured. It might
|
||||
// be nice to still include the SCEP routes in the secure handler too, for
|
||||
// client that do understand HTTPS. The RFC does not seem to explicitly exclude HTTPS
|
||||
// usage, but it mentions some caveats related to managing web PKI certificates as
|
||||
// well as certificates via SCEP.
|
||||
tlsConfig = nil
|
||||
|
||||
scepPrefix := "scep"
|
||||
|
@ -166,16 +173,8 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
|
|||
scepRouterHandler.Route(r)
|
||||
})
|
||||
|
||||
/*
|
||||
// helpful routine for logging all routes //
|
||||
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
|
||||
fmt.Printf("%s %s\n", method, route)
|
||||
return nil
|
||||
}
|
||||
if err := chi.Walk(mux, walkFunc); err != nil {
|
||||
fmt.Printf("Logging err: %s\n", err.Error())
|
||||
}
|
||||
*/
|
||||
//dumpRoutes(mux)
|
||||
|
||||
// Add monitoring if configured
|
||||
if len(config.Monitoring) > 0 {
|
||||
|
@ -316,3 +315,14 @@ func (ca *CA) getTLSConfig(auth *authority.Authority) (*tls.Config, error) {
|
|||
|
||||
return tlsConfig, nil
|
||||
}
|
||||
|
||||
func dumpRoutes(mux chi.Routes) {
|
||||
// helpful routine for logging all routes //
|
||||
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
|
||||
fmt.Printf("%s %s\n", method, route)
|
||||
return nil
|
||||
}
|
||||
if err := chi.Walk(mux, walkFunc); err != nil {
|
||||
fmt.Printf("Logging err: %s\n", err.Error())
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue