fix: https enhancement
This commit is contained in:
@@ -74,8 +74,8 @@ func HttpListen(addr string, router http.Handler) {
|
||||
}
|
||||
}
|
||||
|
||||
func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
|
||||
HttpListenConfigTLS(addr, caFile, certFile, keyFile, router)
|
||||
func HttpListenTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
|
||||
HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, router)
|
||||
err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
|
||||
if err != nil {
|
||||
fmt.Println("ListenAndServeTLS err:", err)
|
||||
@@ -83,7 +83,7 @@ func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler)
|
||||
}
|
||||
}
|
||||
|
||||
func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
|
||||
func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
|
||||
// 加载根证书
|
||||
caCert, err := os.ReadFile(caFile)
|
||||
if err != nil {
|
||||
@@ -97,7 +97,7 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
|
||||
MinVersion: tls.VersionTLS10,
|
||||
MaxVersion: tls.VersionTLS13,
|
||||
ClientCAs: caCertPool,
|
||||
//ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
ClientAuth: tls.ClientAuthType(clientAuthType),
|
||||
}
|
||||
|
||||
// 创建HTTP服务器
|
||||
@@ -114,8 +114,8 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
|
||||
}
|
||||
}
|
||||
|
||||
func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string) {
|
||||
HttpListenConfigTLS(addr, caFile, certFile, keyFile, nil)
|
||||
func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string, clientAuthType int) {
|
||||
HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, nil)
|
||||
err := http.ListenAndServeTLS(addr, certFile, keyFile, nil)
|
||||
if err != nil {
|
||||
fmt.Println("ListenAndServeTLS err:", err)
|
||||
@@ -194,7 +194,7 @@ func main() {
|
||||
if rest.IPv4 != "" {
|
||||
listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
|
||||
if strings.ToLower(rest.Scheme) == "https" {
|
||||
go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, app)
|
||||
go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
|
||||
} else {
|
||||
go HttpListen(listen, app)
|
||||
}
|
||||
@@ -203,7 +203,7 @@ func main() {
|
||||
// 默认启动localhost侦听
|
||||
listenLocal := "127.0.0.1" + ":" + strconv.Itoa(int(rest.Port))
|
||||
if strings.ToLower(rest.Scheme) == "https" {
|
||||
go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, app)
|
||||
go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
|
||||
} else {
|
||||
go HttpListen(listenLocal, app)
|
||||
}
|
||||
@@ -212,7 +212,7 @@ func main() {
|
||||
if rest.IPv6 != "" {
|
||||
listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
|
||||
if strings.ToLower(rest.Scheme) == "https" {
|
||||
go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, app)
|
||||
go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
|
||||
} else {
|
||||
go HttpListen(listenv6, app)
|
||||
}
|
||||
@@ -234,7 +234,7 @@ func main() {
|
||||
http.Handle("/", fs)
|
||||
for _, listen := range conf.WebServer.Listen {
|
||||
if strings.ToLower(listen.Scheme) == "https" {
|
||||
go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile)
|
||||
go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile, listen.ClientAuthType)
|
||||
} else {
|
||||
go HttpListenWebServer(listen.Addr)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user