tls: require mutual auth only when htpasswd not available

Ramkumar Chinchani
2019-07-20 17:30:58 -07:00
parent 066bf1b9eb
commit 36ca298507
17 changed files with 113 additions and 183 deletions
+6 -1
@@ -44,6 +44,11 @@ func (c *Controller) Run() error {
return err
}
clientAuth := tls.VerifyClientCertIfGiven
if c.Config.HTTP.Auth.HTPasswd.Path == "" {
clientAuth = tls.RequireAndVerifyClientCert
}
if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
if c.Config.HTTP.TLS.CACert != "" {
caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
@@ -53,7 +58,7 @@ func (c *Controller) Run() error {
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
server.TLSConfig = &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
ClientAuth: clientAuth,
ClientCAs: caCertPool,
}
}
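Review bot: The downgrade to `tls.VerifyClientCertIfGiven` is keyed only on `c.Config.HTTP.Auth.HTPasswd.Path` being non-empty, so nothing in this hunk ties the weaker TLS setting to basic auth actually being enforced. If the htpasswd file is missing or empty, or the auth handler does not cover every route (none of which is visible here, since `Run()` continues outside the hunk), a client that presents no certificate could reach the handlers unauthenticated. Deployments that configured both a CA and htpasswd also lose the hard mTLS requirement, and the visible lines log nothing about it. I would add a comment above the check, `// htpasswd set: client certs become optional at the TLS layer, so the HTTP auth handler must reject requests with neither a verified cert nor valid credentials`, and log the effective client-auth mode at startup.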