Nomad
Commit a495c83a authored 7 years ago by Alex Dadgar
Store the whole verified certificate chain
parent 7f4d9292
nomad/rpc.go with 6 additions and 13 deletions
...
...
@@ -3,6 +3,7 @@ package nomad
import
(
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"math/rand"
...
...
@@ -66,11 +67,9 @@ type RPCContext struct {
// TLS marks whether the RPC is over a TLS based connection
TLS
bool
// TLSRole is the certificate role making the TLS connection.
TLSRole
string
// TLSRegion is the region on the certificate making the TLS connection
TLSRegion
string
// VerifiedChains is is the Verified certificates presented by the incoming
// connection.
VerifiedChains
[][]
*
x509
.
Certificate
// NodeID marks the NodeID that initiated the connection.
NodeID
string
...
...
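Review bot: the doc comment on the new `VerifiedChains` field in `RPCContext` has a doubled word ("is is the Verified certificates") and does not say when the field is empty. Suggest something like `// VerifiedChains holds the verified certificate chains presented by the incoming connection.`, plus a sentence stating that it is only populated when `TLS` is true. Since `TLSRole` and `TLSRegion` are dropped from the struct here, the comment is also the natural place to say how callers are expected to derive role and region from the chain, and that they must check for an empty slice before indexing into it.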
@@ -174,15 +173,9 @@ func (s *Server) handleConn(conn net.Conn, ctx *RPCContext) {
// using TLS
ctx
.
TLS
=
true
//
Pars
e the
region and role from the TLS certific
ate
//
Stor
e the
verified chains so they can be inspected l
ate
r.
state
:=
tlsConn
.
ConnectionState
()
parts
:=
strings
.
SplitN
(
state
.
ServerName
,
"."
,
3
)
if
len
(
parts
)
!=
3
||
(
parts
[
0
]
!=
"server"
&&
parts
[
0
]
!=
"client"
)
||
parts
[
2
]
!=
"nomad"
{
s
.
logger
.
Printf
(
"[WARN] nomad.rpc: invalid server name %q on verified TLS connection"
,
state
.
ServerName
)
}
else
{
ctx
.
TLSRole
=
parts
[
0
]
ctx
.
TLSRegion
=
parts
[
1
]
}
ctx
.
VerifiedChains
=
state
.
VerifiedChains
s
.
handleConn
(
conn
,
ctx
)
...
...
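Review bot: in `handleConn`, nothing at connection time checks or logs the peer's identity any more. The replaced block emitted a `[WARN]` when the name was not of the `server.<region>.nomad` or `client.<region>.nomad` form, whereas `ctx.VerifiedChains = state.VerifiedChains` is now stored unconditionally. Every later consumer therefore has to handle an empty `VerifiedChains` and validate the leaf certificate's names itself. Consider one helper on `RPCContext` that does the length check and the role/region validation in a single place, so individual endpoints do not each index `VerifiedChains[0][0]` and re-implement the name check. The visible lines also do not show whether the TLS handshake has completed before `tlsConn.ConnectionState()` is called; please confirm it has, since the chains are empty otherwise.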