tls: harden TLS path
This commit is contained in:
parent
d8cde533f5
commit
b6a0077d81
2 changed files with 11 additions and 4 deletions
@ -15,4 +15,5 @@ var (
ErrBadBlob = errors.New("blob: bad blob")
ErrBadBlob = errors.New("blob: bad blob")
ErrBadBlobDigest = errors.New("blob: bad blob digest")
ErrBadBlobDigest = errors.New("blob: bad blob digest")
ErrUnknownCode = errors.New("error: unknown error code")
ErrUnknownCode = errors.New("error: unknown error code")
ErrBadCACert = errors.New("tls: invalid ca cert")
)
)
@ -8,6 +8,7 @@ import (
"net"
"net"
"net/http"
"net/http"
"github.com/anuvu/zot/errors"
"github.com/anuvu/zot/pkg/storage"
"github.com/anuvu/zot/pkg/storage"
"github.com/gorilla/mux"
"github.com/gorilla/mux"
"github.com/rs/zerolog"
"github.com/rs/zerolog"
@ -56,11 +57,16 @@ func (c *Controller) Run() error {
panic(err)
panic(err)
}
}
caCertPool := x509.NewCertPool()
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
if !caCertPool.AppendCertsFromPEM(caCert) {
server.TLSConfig = &tls.Config{
panic(errors.ErrBadCACert)
ClientAuth: clientAuth,
ClientCAs: caCertPool,
}
}
server.TLSConfig = &tls.Config{
ClientAuth: clientAuth,
ClientCAs: caCertPool,
PreferServerCipherSuites: true,
MinVersion: tls.VersionTLS12,
}
server.TLSConfig.BuildNameToCertificate()
}
}
return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
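Review bot: The new CA-bundle check panics even though the hunk header shows `func (c *Controller) Run() error` returns an error, so a misconfigured or unreadable CA file takes the process down instead of surfacing through the return value; `return errors.ErrBadCACert` in place of `panic(errors.ErrBadCACert)` keeps the failure reportable by the caller. The pre-existing `panic(err)` at the top of the hunk has the same shape, so the commit is at least consistent, but Run's body starts outside the hunk and the full error-handling convention is not visible here. Note also that `AppendCertsFromPEM` reports true as soon as any certificate in the PEM parses, so a bundle with one valid CA and several malformed ones is accepted silently; a short comment such as `// AppendCertsFromPEM only fails when no cert parses; partially malformed bundles are accepted` would make that limit explicit. If the module already builds with Go 1.14 or newer, `BuildNameToCertificate()` is deprecated (the name map is derived automatically), and from Go 1.17 `PreferServerCipherSuites` is ignored by crypto/tls, so both added lines could be dropped depending on the toolchain version this repository targets.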