MCPcopy
hub / github.com/seaweedfs/seaweedfs / LoadClientTLS

Function LoadClientTLS

weed/security/tls.go:167–215  ·  view source on GitHub ↗
(config *util.ViperProxy, component string)

Source from the content-addressed store, hash-verified

165}
166
167func LoadClientTLS(config *util.ViperProxy, component string) grpc.DialOption {
168 if config == nil {
169 return grpc.WithTransportCredentials(insecure.NewCredentials())
170 }
171
172 certFileName, keyFileName, caFileName := config.GetString(component+".cert"), config.GetString(component+".key"), config.GetString("grpc.ca")
173 if certFileName == "" || keyFileName == "" || caFileName == "" {
174 return grpc.WithTransportCredentials(insecure.NewCredentials())
175 }
176
177 clientOptions := pemfile.Options{
178 CertFile: certFileName,
179 KeyFile: keyFileName,
180 RefreshDuration: CredRefreshingInterval,
181 }
182 clientProvider, err := pemfile.NewProvider(clientOptions)
183 if err != nil {
184 glog.Warningf("pemfile.NewProvider(%v) failed %v", clientOptions, err)
185 return grpc.WithTransportCredentials(insecure.NewCredentials())
186 }
187 clientRootOptions := pemfile.Options{
188 RootFile: config.GetString("grpc.ca"),
189 RefreshDuration: CredRefreshingInterval,
190 }
191 clientRootProvider, err := pemfile.NewProvider(clientRootOptions)
192 if err != nil {
193 glog.Warningf("pemfile.NewProvider(%v) failed: %v", clientRootOptions, err)
194 return grpc.WithTransportCredentials(insecure.NewCredentials())
195 }
196 options := &advancedtls.Options{
197 IdentityOptions: advancedtls.IdentityCertificateOptions{
198 IdentityProvider: clientProvider,
199 },
200 AdditionalPeerVerification: func(params *advancedtls.HandshakeVerificationInfo) (*advancedtls.PostHandshakeVerificationResults, error) {
201 return &advancedtls.PostHandshakeVerificationResults{}, nil
202 },
203 RootOptions: advancedtls.RootCertificateOptions{
204 RootProvider: clientRootProvider,
205 },
206 VerificationType: advancedtls.CertVerification,
207 }
208 ta, err := advancedtls.NewClientCreds(options)
209 if err != nil {
210 glog.Warningf("advancedtls.NewClientCreds(%v) failed: %v", options, err)
211 return grpc.WithTransportCredentials(insecure.NewCredentials())
212 }
213 wrapped := &SNIStrippingTransportCredentials{creds: ta}
214 return grpc.WithTransportCredentials(wrapped)
215}
216
217// LoadHTTPClientFromFile creates an HTTP client using the https.client TLS
218// settings from the given security config file. Returns nil if HTTPS is not

Callers 15

followMetadataSlowlyFunction · 0.92
mainFunction · 0.92
mainFunction · 0.92
mainFunction · 0.92
mainFunction · 0.92
runFilerMetaBackupFunction · 0.92
startWebDavMethod · 0.92
runBackupFunction · 0.92
runBenchmarkFunction · 0.92
RunMountFunction · 0.92
runCopyFunction · 0.92

Calls 2

WarningfFunction · 0.92
GetStringMethod · 0.65

Tested by 2

followMetadataSlowlyFunction · 0.74