
Commit 63fe34a

committed
grpc config add options tcp_tls_ca
Signed-off-by: zwtop <[email protected]>
1 parent 0a3a77b commit 63fe34a

2 files changed

Lines changed: 20 additions & 2 deletions


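--- a/services/server/config/config.go
+++ b/services/server/config/config.go
@@ -122,6 +122,7 @@ func (c *Config) ValidateV2() error {
 type GRPCConfig struct {
 Address string `toml:"address"`
 TCPAddress string `toml:"tcp_address"`
+TCPTLSCA string `toml:"tcp_tls_ca"`
 TCPTLSCert string `toml:"tcp_tls_cert"`
 TCPTLSKey string `toml:"tcp_tls_key"`
 UID int `toml:"uid"`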

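--- a/services/server/server.go
+++ b/services/server/server.go
@@ -18,8 +18,11 @@ package server
 
 import (
 "context"
+"crypto/tls"
+"crypto/x509"
 "expvar"
 "io"
+"io/ioutil"
 "net"
 "net/http"
 "net/http/pprof"
@@ -111,11 +114,25 @@ func New(ctx context.Context, config *srvconfig.Config) (*Server, error) {
 tcpServerOpts := serverOpts
 if config.GRPC.TCPTLSCert != "" {
 log.G(ctx).Info("setting up tls on tcp GRPC services...")
-creds, err := credentials.NewServerTLSFromFile(config.GRPC.TCPTLSCert, config.GRPC.TCPTLSKey)
+
+tlsCert, err := tls.LoadX509KeyPair(config.GRPC.TCPTLSCert, config.GRPC.TCPTLSKey)
 if err != nil {
 return nil, err
 }
-tcpServerOpts = append(tcpServerOpts, grpc.Creds(creds))
+tlsConfig := &tls.Config{Certificates: []tls.Certificate{tlsCert}}
+
+if config.GRPC.TCPTLSCA != "" {
+caCertPool := x509.NewCertPool()
+caCert, err := ioutil.ReadFile(config.GRPC.TCPTLSCA)
+if err != nil {
+return nil, errors.Wrap(err, "failed to load CA file")
+}
+caCertPool.AppendCertsFromPEM(caCert)
+tlsConfig.ClientCAs = caCertPool
+tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+}
+
+tcpServerOpts = append(tcpServerOpts, grpc.Creds(credentials.NewTLS(tlsConfig)))
 }
 var (
 grpcServer = grpc.NewServer(serverOpts...)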
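Review bot: The boolean returned by `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a CA file that reads fine but contains no parsable PEM certificate leaves `ClientCAs` empty while `ClientAuth` is still `tls.RequireAndVerifyClientCert`, and every client handshake then fails with nothing pointing at the CA file; check it with `if !caCertPool.AppendCertsFromPEM(caCert) { return nil, errors.New("no certificates found in CA file") }`. The new `tls.Config` also sets no `MinVersion`; on Go toolchains of the vintage implied by `ioutil.ReadFile` the server-side default may be TLS 1.0, so adding `MinVersion: tls.VersionTLS12` next to `Certificates` pins the floor explicitly. `ioutil.ReadFile` is deprecated since Go 1.16 in favour of `os.ReadFile`, if the module's Go version permits. The enclosing `New` function starts and ends outside the hunk.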
