From 78d78580b2ce5733c2239a934aba16b177ba96a7 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 19 Feb 2021 11:00:52 +0100 Subject: [PATCH] Add note about using a second (unsecured) server --- ca/ca.go | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/ca/ca.go b/ca/ca.go index a061fa02..f256a5e4 100644 --- a/ca/ca.go +++ b/ca/ca.go @@ -147,6 +147,13 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) { // TODO: THIS SHOULDN'T HAPPEN (or should become configurable) // Current SCEP client I'm testing with doesn't seem to easily trust untrusted certs. + // Idea: provide a second mux/handler that runs without TLS. It probably should only + // have routes that are intended to be ran without TLS, like the SCEP ones. Look into + // option to not enable it in case no SCEP providers are configured. It might + // be nice to still include the SCEP routes in the secure handler too, for + // client that do understand HTTPS. The RFC does not seem to explicitly exclude HTTPS + // usage, but it mentions some caveats related to managing web PKI certificates as + // well as certificates via SCEP. tlsConfig = nil scepPrefix := "scep" @@ -166,16 +173,8 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) { scepRouterHandler.Route(r) }) - /* - // helpful routine for logging all routes // - walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error { - fmt.Printf("%s %s\n", method, route) - return nil - } - if err := chi.Walk(mux, walkFunc); err != nil { - fmt.Printf("Logging err: %s\n", err.Error()) - } - */ + // helpful routine for logging all routes // + //dumpRoutes(mux) // Add monitoring if configured if len(config.Monitoring) > 0 { @@ -316,3 +315,14 @@ func (ca *CA) getTLSConfig(auth *authority.Authority) (*tls.Config, error) { return tlsConfig, nil } + +func dumpRoutes(mux chi.Routes) { + // helpful routine for logging all routes // + walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error { + fmt.Printf("%s %s\n", method, route) + return nil + } + if err := chi.Walk(mux, walkFunc); err != nil { + fmt.Printf("Logging err: %s\n", err.Error()) + } +}