
restructure SSL/TLS a bit, name config items better

This commit is contained in:
Daniel Oaks 2016-04-28 20:12:23 +10:00
parent cfcecd0101
commit 2fb6acb92a
4 changed files with 29 additions and 27 deletions

.gitignore vendored

@ -1,3 +1,4 @@
/ircd.* /ircd.*
/ssl.* /ssl.*
/tls.*
_test _test


@ -13,17 +13,17 @@ type PassConfig struct {
Password string Password string
} }
// SSLListenConfig defines configuration options for listening on SSL // TLSListenConfig defines configuration options for listening on TLS
type SSLListenConfig struct { type TLSListenConfig struct {
Cert string Cert string
Key string Key string
} }
// Certificate returns the SSL certificate assicated with this SSLListenConfig // Certificate returns the TLS certificate assicated with this TLSListenConfig
func (conf *SSLListenConfig) Config() (*tls.Config, error) { func (conf *TLSListenConfig) Config() (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key) cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
if err != nil { if err != nil {
return nil, errors.New("ssl cert+key: invalid pair") return nil, errors.New("tls cert+key: invalid pair")
} }
return &tls.Config{ return &tls.Config{
@ -49,14 +49,13 @@ type Config struct {
Name string Name string
Database string Database string
Listen []string Listen []string
Wslisten string Wslisten string `yaml:"ws-listen"`
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
Log string Log string
MOTD string MOTD string
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"` ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
} }
SSLListener map[string]*SSLListenConfig
Operator map[string]*PassConfig Operator map[string]*PassConfig
Theater map[string]*PassConfig Theater map[string]*PassConfig
@ -82,16 +81,16 @@ func (conf *Config) Theaters() map[Name][]byte {
return theaters return theaters
} }
func (conf *Config) SSLListeners() map[Name]*tls.Config { func (conf *Config) TLSListeners() map[Name]*tls.Config {
sslListeners := make(map[Name]*tls.Config) tlsListeners := make(map[Name]*tls.Config)
for s, sslListenersConf := range conf.SSLListener { for s, tlsListenersConf := range conf.Server.TLSListeners {
config, err := sslListenersConf.Config() config, err := tlsListenersConf.Config()
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
sslListeners[NewName(s)] = config tlsListeners[NewName(s)] = config
} }
return sslListeners return tlsListeners
} }
func LoadConfig(filename string) (config *Config, err error) { func LoadConfig(filename string) (config *Config, err error) {
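Review bot: `Config()` in the first hunk still throws away the `tls.LoadX509KeyPair` error and returns the fixed string `"tls cert+key: invalid pair"`, so a missing file, an unreadable key and a real cert/key mismatch are indistinguishable to the operator when `TLSListeners()` then calls `log.Fatal` on it. Keep the underlying error in the message, e.g. `return nil, errors.New("tls cert+key: invalid pair: " + err.Error())` (or `fmt.Errorf` if that file already imports fmt). The doc comment on that method still reads `// Certificate returns the TLS certificate assicated with this TLSListenConfig` although the method is named `Config`; replace it with `// Config builds the *tls.Config for this listener from its cert and key files.` The `&tls.Config{` literal begins on the hunk's last line and continues outside it, so whether a minimum TLS version or cipher policy is set is not visible here.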


@ -99,7 +99,7 @@ func NewServer(config *Config) *Server {
server.loadChannels() server.loadChannels()
for _, addr := range config.Server.Listen { for _, addr := range config.Server.Listen {
server.listen(addr, config.SSLListeners()) server.listen(addr, config.TLSListeners())
} }
if config.Server.Wslisten != "" { if config.Server.Wslisten != "" {
@ -240,18 +240,20 @@ func (server *Server) Run() {
// listen goroutine // listen goroutine
// //
func (s *Server) listen(addr string, ssl map[Name]*tls.Config) { func (s *Server) listen(addr string, tlsMap map[Name]*tls.Config) {
config, listenSSL := ssl[NewName(addr)] config, listenTLS := tlsMap[NewName(addr)]
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
log.Fatal(s, "listen error: ", err) log.Fatal(s, "listen error: ", err)
} }
if listenSSL { tlsString := "plaintext"
if listenTLS {
listener = tls.NewListener(listener, config) listener = tls.NewListener(listener, config)
tlsString = "TLS"
} }
Log.info.Printf("%s listening on %s. ssl: %t", s, addr, listenSSL) Log.info.Printf("%s listening on %s using %s.", s, addr, tlsString)
go func() { go func() {
for { for {
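Review bot: In `listen`, the lookup `config, listenTLS := tlsMap[NewName(addr)]` silently serves plaintext whenever a `tls-listeners` key does not equal a `listen` entry byte-for-byte (`"0.0.0.0:6697"` vs `":6697"`), and the new `using plaintext` log line is the only trace of that misconfiguration. The first hunk also calls `config.TLSListeners()` inside the `for _, addr := range config.Server.Listen` loop, so every listen address re-reads and re-parses every cert/key pair. Both are addressed by building the TLS map once in `NewServer` and refusing to start when an entry matches no listen address (assuming `Name` is a string type so `%q` applies). `listen`'s goroutine body continues past the end of the hunk.
```go
tlsConfigs := config.TLSListeners()
listened := make(map[Name]bool, len(config.Server.Listen))
for _, addr := range config.Server.Listen {
	listened[NewName(addr)] = true
	server.listen(addr, tlsConfigs)
}
// a tls-listeners key that matches no listen address would never be used,
// and that port would quietly come up as plaintext
for name := range tlsConfigs {
	if !listened[name] {
		log.Fatalf("tls-listeners entry %q matches no listen address", name)
	}
}
// … unchanged: websocket listener setup …
```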


@ -21,7 +21,14 @@ server:
- ":6697" # ssl port - ":6697" # ssl port
# websocket listening port # websocket listening port
wslisten: ":8080" ws-listen: ":8080"
# tls listeners
tls-listeners:
# listener on ":6697"
":6697":
key: tls.key
cert: tls.crt
# password to login to the server # password to login to the server
# generated using "oragono genpasswd" # generated using "oragono genpasswd"
@ -39,13 +46,6 @@ server:
- "localhost" - "localhost"
- "127.0.0.1" - "127.0.0.1"
# ssl listeners
ssllistener:
# listener on ":6697"
":6697":
key: ssl.key
cert: ssl.crt
# ircd operators # ircd operators
operator: operator:
# operator named 'dan' # operator named 'dan'
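Review bot: The new `tls-listeners` block does not say that its key has to equal a `listen` entry exactly, and the surrounding `- ":6697" # ssl port` comment keeps the old "ssl" wording the commit otherwise renames. Above `tls-listeners:` add `# keys must match an entry in "listen" exactly (e.g. ":6697"); an unmatched key is ignored and that port serves plaintext`, and change the port comment to `# tls port`. Since `key: tls.key` is a relative path it is resolved against the directory the daemon is started from, which is worth stating next to it, together with a reminder that the key file should be readable only by the ircd user.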