[server] Add support for specifying TLS certificate

This commit is contained in:
Ciprian Dorin Craciun 2019-08-15 15:00:45 +03:00
parent 7019c78c2e
commit 5ea19f0f9d
4 changed files with 139 additions and 5 deletions

47
examples/tls-bundle.pem Normal file
View file

@ -0,0 +1,47 @@
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgIUVyUIITgu0+by4ASAy3b9vOM+B2wwDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAxMUa2F3aXBpa28udm9sdXRpb24ucm8wIBcNMTkwODE0MTUw
OTEzWhgPMjA1OTA4MTQxNTA5MTNaMB8xHTAbBgNVBAMTFGthd2lwaWtvLnZvbHV0
aW9uLnJvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo6I70Xe87KO
aj764hlWEcAWWaEnBmzMgJtOiAgFfG6B3vMuSE84Ro7a0uqVwkHqhYOrE66jFBo8
moPBOBABovVpDtNGjWGE+xFqf609MEuWloDNu4d6wgBjdjcXfZZ6KYcsfsctcoRe
eYljgujx+lvRgORKS4nWnOOyY3O9wJRMxa3ITkRfVUwlQgampKKcIk3iXdRqdAOt
ws6TO3VTwVZ1poDDSyYcKTW6aQoQmsOCDEgQh+pyYQJSVIEqiFP32cjq43opHonf
OpykAiL2e7MiRYJur5E5xH2ZmT9SersPcACMoCu1DiHPJaGvxfl693gf4pgX6rDb
PWTNJqWpqwIDAQABo1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFPDjABVCI490LdvHPeotzNq3
xa9KMA0GCSqGSIb3DQEBCwUAA4IBAQA0cYKpYneOgBRGL/5q86g17qGOrQOWjdDr
1k7i817pBjIfRj9bm1n2iaSrC4GCt4Ok+hl/DyjPNDDUXZxEmfmxlugi6dKLPQp9
p30hlTB7E3ArHKkWXYGo19URewAUYOMEIR1lB5/RS21rnpUKHawrwi9pZHTwYQ5Q
QcnpA9/FvCbPo8gb9kPAuDyj39tdzzgNK/Xvj8ym9RhUbTtBgbWujRCIWU0L6bfl
i7DLfJoPSK+s6S5YGr88VAz0y9zAGD/2wGq9R1hUSDw0OfMgEm9GoSz6FpXKKBtl
M01bP11akztK8sWChdels4OXOsPQ1SdF2XE4od82cm6lA8IgE1hY
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+jojvRd7zso5q
PvriGVYRwBZZoScGbMyAm06ICAV8boHe8y5ITzhGjtrS6pXCQeqFg6sTrqMUGjya
g8E4EAGi9WkO00aNYYT7EWp/rT0wS5aWgM27h3rCAGN2Nxd9lnophyx+xy1yhF55
iWOC6PH6W9GA5EpLidac47Jjc73AlEzFrchORF9VTCVCBqakopwiTeJd1Gp0A63C
zpM7dVPBVnWmgMNLJhwpNbppChCaw4IMSBCH6nJhAlJUgSqIU/fZyOrjeikeid86
nKQCIvZ7syJFgm6vkTnEfZmZP1J6uw9wAIygK7UOIc8loa/F+Xr3eB/imBfqsNs9
ZM0mpamrAgMBAAECggEAORjSVQeVj2XAIHuwhtDapkTtLXwJCnbNK/fdJwtoQWmH
RnuNMaNzFEk3rh0WNHe1wr26JBKe0KYv5Ih3+8loBCEOkp+hszk2NFh6lbkd7Xuo
qn37pyYoFTsykjhdtIbDIfBb17zslDSvbjFJfO85mi+q7bj5vfqWMLpVOFF02N/S
SmASAzAYTAOE+wheMuTWkm8r3PXh8WhJViWLp/9l6gyLT0mOazxaVayOWyJ/pg1w
qPZiNOavTbNyP7jzUysA4LX9CdBQx3k48IQm0c59Zu49Rl7H6ZT9Vp2CSkvbZRZS
qVLKYtE4o5SIyAPI5QBCRyNVkHQnZAzPIv/vwbky4QKBgQDmcxY9YVIVpjZQCcVg
R++ClrjKKzuR4dmUvmF3H6F4uT6S+7zPsaaIbgBUo2B/Z5QZ+vv6FeKcGZhGSVzU
gtiQeNvEPE25oHbJm3ui71Wvw2mEpTp52bYL6k68b45ydq/CCpohSLym/WjlVVSz
ce2IJZaviGn68jY175bRRDAb2wKBgQDTrykGt8gfACmSBZcULkaXCDqT0nfnWccx
OHuimbIDgSU0Q/KJA9P0pSbtL/2rUXEnZpUJ0oDDEi0MpBkSX3Tb3U959aY97hXK
arHI0iziUcW1ZZ2XGO5KtRviQ0D5CKZWR1Ttjm1oCJkmxAag070CF/UdcTGEizrK
OeI7o1l6cQKBgBo21z3ON0ctLBp4shIcvLsPKCAfQNx8Y4LPEUk6uOSBtgOETVsW
60mzsafvGcgEYU1/RnCRUsDNDIxaRgwKglYU2XL+JR1Lipeubyb+sLGYugUTwo4f
3NyIH8LBseOFasLY7+V/X65jPy5vQX5UJGALXpPDIcMhEFecVHyjlBFnAoGABtWs
+W6No5KZxQExM5Ga7d1yJruw62NWrxwnwcQ8nyhYTyuydQIOoeODMj1Ob22dvavu
O/bz+Vho4/OYa6NxXnfyzPlFeNJrGbIAM3+1u0jwnT6+q9Y+O2NFlzScsG27ESYU
c+cZWTaN21aQ8Dhl7d9gJqc09haYu1bLGynXBcECgYEAsxgIbbO3CtxPfqgtJrAo
eRPPLX7UOdXmarOBYFL+jsG5SWSyECqKDgkjyeQFVqHzK+W4k654TobZoMUhDIUL
GeNAoNAIjPciush/0yYI8w3EybHIkB6JSi4LyhWBQazGaAr3Ai0NHbKt3ZzcOM1D
azCipM9H6CJO+MjoG+S53Xo=
-----END PRIVATE KEY-----

28
examples/tls-private.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+jojvRd7zso5q
PvriGVYRwBZZoScGbMyAm06ICAV8boHe8y5ITzhGjtrS6pXCQeqFg6sTrqMUGjya
g8E4EAGi9WkO00aNYYT7EWp/rT0wS5aWgM27h3rCAGN2Nxd9lnophyx+xy1yhF55
iWOC6PH6W9GA5EpLidac47Jjc73AlEzFrchORF9VTCVCBqakopwiTeJd1Gp0A63C
zpM7dVPBVnWmgMNLJhwpNbppChCaw4IMSBCH6nJhAlJUgSqIU/fZyOrjeikeid86
nKQCIvZ7syJFgm6vkTnEfZmZP1J6uw9wAIygK7UOIc8loa/F+Xr3eB/imBfqsNs9
ZM0mpamrAgMBAAECggEAORjSVQeVj2XAIHuwhtDapkTtLXwJCnbNK/fdJwtoQWmH
RnuNMaNzFEk3rh0WNHe1wr26JBKe0KYv5Ih3+8loBCEOkp+hszk2NFh6lbkd7Xuo
qn37pyYoFTsykjhdtIbDIfBb17zslDSvbjFJfO85mi+q7bj5vfqWMLpVOFF02N/S
SmASAzAYTAOE+wheMuTWkm8r3PXh8WhJViWLp/9l6gyLT0mOazxaVayOWyJ/pg1w
qPZiNOavTbNyP7jzUysA4LX9CdBQx3k48IQm0c59Zu49Rl7H6ZT9Vp2CSkvbZRZS
qVLKYtE4o5SIyAPI5QBCRyNVkHQnZAzPIv/vwbky4QKBgQDmcxY9YVIVpjZQCcVg
R++ClrjKKzuR4dmUvmF3H6F4uT6S+7zPsaaIbgBUo2B/Z5QZ+vv6FeKcGZhGSVzU
gtiQeNvEPE25oHbJm3ui71Wvw2mEpTp52bYL6k68b45ydq/CCpohSLym/WjlVVSz
ce2IJZaviGn68jY175bRRDAb2wKBgQDTrykGt8gfACmSBZcULkaXCDqT0nfnWccx
OHuimbIDgSU0Q/KJA9P0pSbtL/2rUXEnZpUJ0oDDEi0MpBkSX3Tb3U959aY97hXK
arHI0iziUcW1ZZ2XGO5KtRviQ0D5CKZWR1Ttjm1oCJkmxAag070CF/UdcTGEizrK
OeI7o1l6cQKBgBo21z3ON0ctLBp4shIcvLsPKCAfQNx8Y4LPEUk6uOSBtgOETVsW
60mzsafvGcgEYU1/RnCRUsDNDIxaRgwKglYU2XL+JR1Lipeubyb+sLGYugUTwo4f
3NyIH8LBseOFasLY7+V/X65jPy5vQX5UJGALXpPDIcMhEFecVHyjlBFnAoGABtWs
+W6No5KZxQExM5Ga7d1yJruw62NWrxwnwcQ8nyhYTyuydQIOoeODMj1Ob22dvavu
O/bz+Vho4/OYa6NxXnfyzPlFeNJrGbIAM3+1u0jwnT6+q9Y+O2NFlzScsG27ESYU
c+cZWTaN21aQ8Dhl7d9gJqc09haYu1bLGynXBcECgYEAsxgIbbO3CtxPfqgtJrAo
eRPPLX7UOdXmarOBYFL+jsG5SWSyECqKDgkjyeQFVqHzK+W4k654TobZoMUhDIUL
GeNAoNAIjPciush/0yYI8w3EybHIkB6JSi4LyhWBQazGaAr3Ai0NHbKt3ZzcOM1D
azCipM9H6CJO+MjoG+S53Xo=
-----END PRIVATE KEY-----

19
examples/tls-public.pem Normal file
View file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgIUVyUIITgu0+by4ASAy3b9vOM+B2wwDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAxMUa2F3aXBpa28udm9sdXRpb24ucm8wIBcNMTkwODE0MTUw
OTEzWhgPMjA1OTA4MTQxNTA5MTNaMB8xHTAbBgNVBAMTFGthd2lwaWtvLnZvbHV0
aW9uLnJvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo6I70Xe87KO
aj764hlWEcAWWaEnBmzMgJtOiAgFfG6B3vMuSE84Ro7a0uqVwkHqhYOrE66jFBo8
moPBOBABovVpDtNGjWGE+xFqf609MEuWloDNu4d6wgBjdjcXfZZ6KYcsfsctcoRe
eYljgujx+lvRgORKS4nWnOOyY3O9wJRMxa3ITkRfVUwlQgampKKcIk3iXdRqdAOt
ws6TO3VTwVZ1poDDSyYcKTW6aQoQmsOCDEgQh+pyYQJSVIEqiFP32cjq43opHonf
OpykAiL2e7MiRYJur5E5xH2ZmT9SersPcACMoCu1DiHPJaGvxfl693gf4pgX6rDb
PWTNJqWpqwIDAQABo1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFPDjABVCI490LdvHPeotzNq3
xa9KMA0GCSqGSIb3DQEBCwUAA4IBAQA0cYKpYneOgBRGL/5q86g17qGOrQOWjdDr
1k7i817pBjIfRj9bm1n2iaSrC4GCt4Ok+hl/DyjPNDDUXZxEmfmxlugi6dKLPQp9
p30hlTB7E3ArHKkWXYGo19URewAUYOMEIR1lB5/RS21rnpUKHawrwi9pZHTwYQ5Q
QcnpA9/FvCbPo8gb9kPAuDyj39tdzzgNK/Xvj8ym9RhUbTtBgbWujRCIWU0L6bfl
i7DLfJoPSK+s6S5YGr88VAz0y9zAGD/2wGq9R1hUSDw0OfMgEm9GoSz6FpXKKBtl
M01bP11akztK8sWChdels4OXOsPQ1SdF2XE4od82cm6lA8IgE1hY
-----END CERTIFICATE-----

View file

@ -457,6 +457,8 @@ func main_0 () (error) {
var _bind string var _bind string
var _bindTls string var _bindTls string
var _bindTls2 string var _bindTls2 string
var _tlsPrivate string
var _tlsPublic string
var _archivePath string var _archivePath string
var _archiveInmem bool var _archiveInmem bool
var _archiveMmap bool var _archiveMmap bool
@ -544,6 +546,9 @@ func main_0 () (error) {
_timeoutDisabled_0 := _flags.Bool ("timeout-disable", false, "") _timeoutDisabled_0 := _flags.Bool ("timeout-disable", false, "")
_securityHeadersTls_0 := _flags.Bool ("security-headers-tls", false, "") _securityHeadersTls_0 := _flags.Bool ("security-headers-tls", false, "")
_securityHeadersDisabled_0 := _flags.Bool ("security-headers-disable", false, "") _securityHeadersDisabled_0 := _flags.Bool ("security-headers-disable", false, "")
_tlsPrivate_0 := _flags.String ("tls-private", "", "")
_tlsPublic_0 := _flags.String ("tls-public", "", "")
_tlsBundle_0 := _flags.String ("tls-bundle", "", "")
_processes_0 := _flags.Uint ("processes", 0, "") _processes_0 := _flags.Uint ("processes", 0, "")
_threads_0 := _flags.Uint ("threads", 0, "") _threads_0 := _flags.Uint ("threads", 0, "")
_slave_0 := _flags.Uint ("slave", 0, "") _slave_0 := _flags.Uint ("slave", 0, "")
@ -589,6 +594,22 @@ func main_0 () (error) {
if (_bind == "") && (_bindTls == "") && (_bindTls2 == "") { if (_bind == "") && (_bindTls == "") && (_bindTls2 == "") {
AbortError (nil, "[6edd9512] expected bind address argument!") AbortError (nil, "[6edd9512] expected bind address argument!")
} }
if (*_tlsBundle_0 != "") && ((*_tlsPrivate_0 != "") || (*_tlsPublic_0 != "")) {
AbortError (nil, "[717f5f84] TLS bundle and TLS private/public are mutually exclusive!")
}
if (*_tlsBundle_0 != "") {
_tlsPrivate = *_tlsBundle_0
_tlsPublic = *_tlsBundle_0
} else {
_tlsPrivate = *_tlsPrivate_0
_tlsPublic = *_tlsPublic_0
}
if ((_tlsPrivate != "") && (_tlsPublic == "")) || ((_tlsPublic != "") && (_tlsPrivate == "")) {
AbortError (nil, "[6e5b42e4] TLS private/public must be specified together!")
}
if ((_tlsPrivate != "") || (_tlsPublic != "")) && ((_bindTls == "") && (_bindTls2 == "")) {
AbortError (nil, "[4e31f251] TLS certificate specified, but TLS not enabled!")
}
if !_dummy { if !_dummy {
if _archivePath == "" { if _archivePath == "" {
@ -700,6 +721,12 @@ func main_0 () (error) {
if !_securityHeadersEnabled { if !_securityHeadersEnabled {
_processArguments = append (_processArguments, "--security-headers-disable") _processArguments = append (_processArguments, "--security-headers-disable")
} }
if _tlsPrivate != "" {
_processArguments = append (_processArguments, "--tls-private")
}
if _tlsPublic != "" {
_processArguments = append (_processArguments, "--tls-public")
}
if _timeoutDisabled { if _timeoutDisabled {
_processArguments = append (_processArguments, "--timeout-disable") _processArguments = append (_processArguments, "--timeout-disable")
} }
@ -1092,12 +1119,25 @@ func main_0 () (error) {
NextProtos : []string { "http/1.1", "http/1.0" }, NextProtos : []string { "http/1.1", "http/1.0" },
} }
if (_bindTls != "") || (_bindTls2 != "") {
if _tlsPrivate != "" {
if _certificate, _error := tls.LoadX509KeyPair (_tlsPublic, _tlsPrivate); _error == nil {
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
} else {
AbortError (_error, "[ecdf443d] failed loading TLS certificate!")
}
}
if len (_tlsConfig.Certificates) == 0 {
if !_quiet {
log.Printf ("[ii] [344ba198] no TLS certificate specified; using self-signed!")
}
if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil { if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil {
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate) _tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
} else { } else {
AbortError (_error, "[98ba6d23] failed parsing TLS certificate!") AbortError (_error, "[98ba6d23] failed parsing TLS certificate!")
} }
}
}
_httpServer := & fasthttp.Server { _httpServer := & fasthttp.Server {