updated the server to trust the embedded cert if no client ca is explicitly specified

2024-12-07 21:31:06 +09:00 · 2024-12-07 21:31:06 +09:00 · 6d87351e5e
commit 6d87351e5e
parent 21997e6f74
2 changed files with 24 additions and 22 deletions
--- a/client.go
+++ b/client.go
@ -519,7 +519,9 @@ func (r *ClientRoute) ReportEvent(pts_id uint32, event_type PACKET_KIND, event_d
 				} else {
 					_, err = ptc.conn.Write(data)
 					if err != nil {
-						r.cts.cli.log.Write(r.cts.sid, LOG_ERROR, "Failed to write to peer(%d,%d,%s,%s) - %s", r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
+						r.cts.cli.log.Write(r.cts.sid, LOG_ERROR,
+							"Failed to write to peer(%d,%d,%s,%s) - %s",
+							r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
 						ptc.ReqStop()
 					}
 				}
--- a/cmd/config.go
+++ b/cmd/config.go
@ -128,6 +128,7 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 	if cfg.Enabled {
 		var cert tls.Certificate
 		var cert_pool *x509.CertPool
+		var ok bool
 		var err error

 		if cfg.CertText != "" && cfg.KeyText != "" {
@ -142,26 +143,26 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 			return nil, fmt.Errorf("failed to load key pair - %s", err)
 		}

-		if cfg.ClientCACertText != "" || cfg.ClientCACertFile != ""{
-			var ok bool
-
-			cert_pool = x509.NewCertPool()
-
-			if cfg.ClientCACertText != "" {
-				ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ClientCACertText))
-				if !ok {
-					return nil, fmt.Errorf("failed to append certificate to pool")
-				}
-			} else if cfg.ClientCACertFile != "" {
-				var text []byte
-				text, err = ioutil.ReadFile(cfg.ClientCACertFile)
-				if err != nil {
-					return nil, fmt.Errorf("failed to load ca certficate file %s - %s", cfg.ClientCACertFile, err.Error())
-				}
-				ok = cert_pool.AppendCertsFromPEM(text)
-				if !ok {
-					return nil, fmt.Errorf("failed to append certificate to pool")
-				}
+		cert_pool = x509.NewCertPool()
+		if cfg.ClientCACertText != "" {
+			ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ClientCACertText))
+			if !ok {
+				return nil, fmt.Errorf("failed to append certificate to pool")
+			}
+		} else if cfg.ClientCACertFile != "" {
+			var text []byte
+			text, err = ioutil.ReadFile(cfg.ClientCACertFile)
+			if err != nil {
+				return nil, fmt.Errorf("failed to load ca certficate file %s - %s", cfg.ClientCACertFile, err.Error())
+			}
+			ok = cert_pool.AppendCertsFromPEM(text)
+			if !ok {
+				return nil, fmt.Errorf("failed to append certificate to pool")
+			}
+		} else {
+			ok = cert_pool.AppendCertsFromPEM(hodu_tls_cert_text)
+			if !ok {
+				return nil, fmt.Errorf("failed to append certificate to pool")
 			}
 		}

@ -201,7 +202,6 @@ func make_tls_client_config(cfg *ClientTLSConfig) (*tls.Config, error) {
 		}

 		cert_pool = x509.NewCertPool()
-
 		if cfg.ServerCACertText != "" {
 			ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ServerCACertText))
 			if !ok {