From 2fb6acb92a095db48c58ebcdd55a01b8a4a36994 Mon Sep 17 00:00:00 2001
From: Daniel Oaks
Date: Thu, 28 Apr 2016 20:12:23 +1000
Subject: [PATCH] restructure SSL/TLS a bit, name config items better
---
 .gitignore | 1 +
 irc/config.go | 27 +++++++++++++--------------
 irc/server.go | 12 +++++++-----
 oragono.yaml | 16 ++++++++--------
 4 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/.gitignore b/.gitignore
index d42a1631..55ec8f95 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /ircd.*
 /ssl.*
+/tls.*
 _test
diff --git a/irc/config.go b/irc/config.go
index 571f0a58..d9fdf4f8 100644
--- a/irc/config.go
+++ b/irc/config.go
@@ -13,17 +13,17 @@ type PassConfig struct {
 Password string
 }
-// SSLListenConfig defines configuration options for listening on SSL
-type SSLListenConfig struct {
+// TLSListenConfig defines configuration options for listening on TLS
+type TLSListenConfig struct {
 Cert string
 Key string
 }
-// Certificate returns the SSL certificate assicated with this SSLListenConfig
-func (conf *SSLListenConfig) Config() (*tls.Config, error) {
+// Certificate returns the TLS certificate assicated with this TLSListenConfig
+func (conf *TLSListenConfig) Config() (*tls.Config, error) {
 cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
 if err != nil {
- return nil, errors.New("ssl cert+key: invalid pair")
+ return nil, errors.New("tls cert+key: invalid pair")
 }
 return &tls.Config{
@@ -49,14 +49,13 @@ type Config struct {
 Name string
 Database string
 Listen []string
- Wslisten string
+ Wslisten string `yaml:"ws-listen"`
+ TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
 Log string
 MOTD string
 ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
 }
- SSLListener map[string]*SSLListenConfig
-
 Operator map[string]*PassConfig
 Theater map[string]*PassConfig
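Review bot: The renamed `Config` method still discards the underlying error from `tls.LoadX509KeyPair`, so an operator whose server refuses to start sees only `tls cert+key: invalid pair` and cannot tell a missing or unreadable file from a key that does not match the certificate; `return nil, errors.New("tls cert+key: " + err.Error())` keeps that detail without needing another import. The doc comment above the method still says `Certificate returns the TLS certificate assicated with this TLSListenConfig` although the method is named `Config` and returns a `*tls.Config`; `// Config builds the *tls.Config for the certificate and key files named by this TLSListenConfig.` would match the name and fix the typo. The fields set on the returned `tls.Config` literal continue outside the hunk, so the TLS parameters themselves are not reviewed here.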
@@ -82,16 +81,16 @@ func (conf *Config) Theaters() map[Name][]byte {
 return theaters
 }
-func (conf *Config) SSLListeners() map[Name]*tls.Config {
- sslListeners := make(map[Name]*tls.Config)
- for s, sslListenersConf := range conf.SSLListener {
- config, err := sslListenersConf.Config()
+func (conf *Config) TLSListeners() map[Name]*tls.Config {
+ tlsListeners := make(map[Name]*tls.Config)
+ for s, tlsListenersConf := range conf.Server.TLSListeners {
+ config, err := tlsListenersConf.Config()
 if err != nil {
 log.Fatal(err)
 }
- sslListeners[NewName(s)] = config
+ tlsListeners[NewName(s)] = config
 }
- return sslListeners
+ return tlsListeners
 }
 func LoadConfig(filename string) (config *Config, err error) {
diff --git a/irc/server.go b/irc/server.go
index 2e449feb..75ed0519 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -99,7 +99,7 @@ func NewServer(config *Config) *Server {
 server.loadChannels()
 for _, addr := range config.Server.Listen {
- server.listen(addr, config.SSLListeners())
+ server.listen(addr, config.TLSListeners())
 }
 if config.Server.Wslisten != "" {
@@ -240,18 +240,20 @@ func (server *Server) Run() {
 // listen goroutine
 //
-func (s *Server) listen(addr string, ssl map[Name]*tls.Config) {
- config, listenSSL := ssl[NewName(addr)]
+func (s *Server) listen(addr string, tlsMap map[Name]*tls.Config) {
+ config, listenTLS := tlsMap[NewName(addr)]
 listener, err := net.Listen("tcp", addr)
 if err != nil {
 log.Fatal(s, "listen error: ", err)
 }
- if listenSSL {
+ tlsString := "plaintext"
+ if listenTLS {
 listener = tls.NewListener(listener, config)
+ tlsString = "TLS"
 }
- Log.info.Printf("%s listening on %s. ssl: %t", s, addr, listenSSL)
+ Log.info.Printf("%s listening on %s using %s.", s, addr, tlsString)
 go func() {
 for {
diff --git a/oragono.yaml b/oragono.yaml
index a16cdf4e..ff9c4f3b 100644
--- a/oragono.yaml
+++ b/oragono.yaml
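Review bot: `log.Fatal(err)` inside `TLSListeners` prints only the error from `Config()`, which names neither the listener key nor the certificate and key paths, so with more than one entry under `tls-listeners` the operator cannot tell which pair failed to load; `log.Fatalf("tls listener %s: %v", s, err)` names the entry, assuming `log` here is the standard library logger as the variadic `log.Fatal(s, "listen error: ", err)` in server.go suggests. Exiting the process from a config accessor also forces every caller onto the fatal path; returning an error from `TLSListeners` and letting `NewServer` decide would be the cleaner shape, but it changes the signature the server.go hunk in this commit calls.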
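Review bot: A `tls-listeners` entry whose key does not exactly match an address in `listen` is silently never started: `listen` only looks up `tlsMap[NewName(addr)]` for the addresses in `config.Server.Listen`, and nothing checks that every configured TLS entry was consumed, so a port that was meant to be TLS but is missing or spelled differently under `listen` is simply not bound, while a `listen` address with no TLS entry now logs `using plaintext`, which is the only visible hint. Checking after the loop that each key of `config.Server.TLSListeners` matched some `listen` address, and refusing to start otherwise, would turn that misconfiguration into an error. Separately, `config.TLSListeners()` is evaluated inside the loop, so every certificate pair is reloaded from disk once per listen address; hoisting it to `tlsMap := config.TLSListeners()` before the `for` and passing `tlsMap` loads each pair once. `NewServer` begins and ends outside the hunk.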
@@ -21,7 +21,14 @@ server:
 - ":6697" # ssl port
 # websocket listening port
- wslisten: ":8080"
+ ws-listen: ":8080"
+
+ # tls listeners
+ tls-listeners:
+ # listener on ":6697"
+ ":6697":
+ key: tls.key
+ cert: tls.crt
 # password to login to the server
 # generated using "oragono genpasswd"
@@ -39,13 +46,6 @@ server:
 - "localhost"
 - "127.0.0.1"
-# ssl listeners
-ssllistener:
- # listener on ":6697"
- ":6697":
- key: ssl.key
- cert: ssl.crt
-
 # ircd operators
 operator:
 # operator named 'dan'
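Review bot: The context line at the top of the hunk still reads `- ":6697" # ssl port` after everything else was renamed to TLS, and the new `tls-listeners` block does not say that its key has to be exactly one of the addresses under `listen` (the Go side looks each `listen` address up by that string through `NewName`). Changing the comment to `# tls port` and adding `# the key must exactly match an address in "listen" above; an entry with no matching "listen" address is not started` above `":6697":` would save an operator a silent misconfiguration.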