| 266 | } |
| 267 | |
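// tlsConfig builds the TLS configuration for a mutual-TLS listener: a client
// certificate is mandatory and must chain to a CA found in the PEM bundle
// named by options.TLSCACrtFile.
//
// The returned config carries no server certificate or key; whoever uses it
// has to supply those (not visible in this block).
//
// An error is returned when the CA file cannot be read, or when no
// certificate could be parsed from its contents.
func (server *Server) tlsConfig() (*tls.Config, error) {
	// NOTE(review): homedir.Expand presumably resolves a leading "~" — confirm against the helper.
	caFile := homedir.Expand(server.options.TLSCACrtFile)
	caCert, err := os.ReadFile(caFile)
	if err != nil {
		// Keep the underlying cause so "permission denied" and "no such file"
		// can be told apart when the listener fails to start.
		return nil, errors.New("could not open CA crt file " + caFile + ": " + err.Error())
	}

	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports true as soon as one certificate parses, so a
	// partly malformed bundle is accepted with only its valid entries trusted.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, errors.New("could not parse CA crt file data in " + caFile)
	}

	return &tls.Config{
		ClientCAs:  caCertPool,
		ClientAuth: tls.RequireAndVerifyClientCert,
		// Pin the protocol floor explicitly: Go releases before 1.22 let a
		// server negotiate TLS 1.0/1.1 when MinVersion is left unset.
		MinVersion: tls.VersionTLS12,
	}, nil
}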