
Merge pull request #16 from rchincha/tls

tls: harden TLS path
Ramkumar Chinchani 2019-08-27 15:45:15 -07:00 committed by GitHub
commit ae6651a919
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 4 deletions


@ -15,4 +15,5 @@ var (
ErrBadBlob = errors.New("blob: bad blob")
ErrBadBlobDigest = errors.New("blob: bad blob digest")
ErrUnknownCode = errors.New("error: unknown error code")
ErrBadCACert = errors.New("tls: invalid ca cert")
)


@ -8,6 +8,7 @@ import (
"net"
"net/http"
"github.com/anuvu/zot/errors"
"github.com/anuvu/zot/pkg/storage"
"github.com/gorilla/mux"
"github.com/rs/zerolog"
@ -56,11 +57,16 @@ func (c *Controller) Run() error {
panic(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
server.TLSConfig = &tls.Config{
ClientAuth: clientAuth,
ClientCAs: caCertPool,
if !caCertPool.AppendCertsFromPEM(caCert) {
panic(errors.ErrBadCACert)
}
server.TLSConfig = &tls.Config{
ClientAuth: clientAuth,
ClientCAs: caCertPool,
PreferServerCipherSuites: true,
MinVersion: tls.VersionTLS12,
}
server.TLSConfig.BuildNameToCertificate()
}
return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
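Review bot: The hardened tls.Config on the new side still leaves CipherSuites unset, so with MinVersion TLS 1.2 the server keeps offering Go's full default TLS 1.2 list, which in Go releases of this era still contains non-forward-secret RSA key-exchange and CBC-mode suites; PreferServerCipherSuites only reorders that list, it does not shrink it, so pin an explicit ECDHE/AEAD-only list as sketched below. Separately, x509.CertPool.AppendCertsFromPEM reports true as soon as one certificate parses, so the new `if !caCertPool.AppendCertsFromPEM(caCert)` guard rejects a wholly unparsable CA file but silently skips malformed entries inside a bundle; a comment such as `// AppendCertsFromPEM succeeds if any cert parses; bad entries in a bundle are dropped silently` would keep the next reader from assuming full validation. Since Run() returns an error, `return errors.ErrBadCACert` would be preferable to `panic(errors.ErrBadCACert)`, although the panic does match the existing `panic(err)` just above. Run() begins before this hunk, so whether the CA path is optional and what `clientAuth` holds cannot be confirmed from here.
```go
server.TLSConfig = &tls.Config{
	ClientAuth:               clientAuth,
	ClientCAs:                caCertPool,
	PreferServerCipherSuites: true,
	MinVersion:               tls.VersionTLS12,
	// Forward-secret AEAD suites only; drops RSA key exchange and CBC.
	CipherSuites: []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	},
}
// … unchanged: BuildNameToCertificate, ServeTLS …
```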