extern/zrepl
1
0
Fork 0
mirror of https://github.com/zrepl/zrepl.git synced 2024-11-22 16:34:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
5615f4929a
zrepl/transport/tls/connect_tls.go

57 lines
1.3 KiB
Go
Raw Normal View History

rpc rewrite: control RPCs using gRPC + separate RPC for data transfer transport/ssh: update go-netssh to new version => supports CloseWrite and Deadlines => build: require Go 1.11 (netssh requires it)
2018-12-11 22:01:50 +01:00
package tls
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
import (
"context"
"crypto/tls"
rpc rewrite: control RPCs using gRPC + separate RPC for data transfer transport/ssh: update go-netssh to new version => supports CloseWrite and Deadlines => build: require Go 1.11 (netssh requires it)
2018-12-11 22:01:50 +01:00
"net"
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
"github.com/pkg/errors"
format source tree using goimports
2019-03-22 19:41:12 +01:00
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
"github.com/zrepl/zrepl/config"
"github.com/zrepl/zrepl/tlsconf"
rpc rewrite: control RPCs using gRPC + separate RPC for data transfer transport/ssh: update go-netssh to new version => supports CloseWrite and Deadlines => build: require Go 1.11 (netssh requires it)
2018-12-11 22:01:50 +01:00
"github.com/zrepl/zrepl/transport"
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
)
type TLSConnecter struct {
Address string
dialer net.Dialer
tlsConfig *tls.Config
}
Add `--skip-cert-check` flag to `zrepl configcheck` to prevent checking cert files It may be desirable to check that a config is valid without checking for the existence of certificate files (e.g. when validating a config inside a sandbox without access to the cert files). This will be very useful for NixOS so that we can check the config file at nix-build time (e.g. potentially without proper permissions to read cert files for a TLS connection). fixes https://github.com/zrepl/zrepl/issues/467 closes https://github.com/zrepl/zrepl/pull/587
2022-03-30 04:39:10 +02:00
func TLSConnecterFromConfig(in *config.TLSConnect, parseFlags config.ParseFlags) (*TLSConnecter, error) {
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
dialer := net.Dialer{
Timeout: in.DialTimeout,
}
Add `--skip-cert-check` flag to `zrepl configcheck` to prevent checking cert files It may be desirable to check that a config is valid without checking for the existence of certificate files (e.g. when validating a config inside a sandbox without access to the cert files). This will be very useful for NixOS so that we can check the config file at nix-build time (e.g. potentially without proper permissions to read cert files for a TLS connection). fixes https://github.com/zrepl/zrepl/issues/467 closes https://github.com/zrepl/zrepl/pull/587
2022-03-30 04:39:10 +02:00
if parseFlags&config.ParseFlagsNoCertCheck != 0 {
daemon/job: test that sample configs are buildable
2020-07-19 23:59:33 +02:00
return &TLSConnecter{in.Address, dialer, nil}, nil
}
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
ca, err := tlsconf.ParseCAFile(in.Ca)
if err != nil {
return nil, errors.Wrap(err, "cannot parse ca file")
}
cert, err := tls.LoadX509KeyPair(in.Cert, in.Key)
if err != nil {
return nil, errors.Wrap(err, "cannot parse cert/key pair")
}
tlsConfig, err := tlsconf.ClientAuthClient(in.ServerCN, ca, cert)
if err != nil {
return nil, errors.Wrap(err, "cannot build tls config")
}
return &TLSConnecter{in.Address, dialer, tlsConfig}, nil
}
rpc rewrite: control RPCs using gRPC + separate RPC for data transfer transport/ssh: update go-netssh to new version => supports CloseWrite and Deadlines => build: require Go 1.11 (netssh requires it)
2018-12-11 22:01:50 +01:00
func (c *TLSConnecter) Connect(dialCtx context.Context) (transport.Wire, error) {
conn, err := c.dialer.DialContext(dialCtx, "tcp", c.Address)
transport/tlsclientauth: handle cancellation of dialCtx
2018-10-19 16:08:20 +02:00
if err != nil {
return nil, err
}
rpc rewrite: control RPCs using gRPC + separate RPC for data transfer transport/ssh: update go-netssh to new version => supports CloseWrite and Deadlines => build: require Go 1.11 (netssh requires it)
2018-12-11 22:01:50 +01:00
tcpConn := conn.(*net.TCPConn)
tlsConn := tls.Client(conn, c.tlsConfig)
return newWireAdaptor(tlsConn, tcpConn), nil
WIP rewrite the daemon cmd subdir does not build on purpose, it's only left in tree to grab old code and move it to github.com/zrepl/zrepl/daemon
2018-08-27 22:21:45 +02:00
}
Reference in New Issue Copy Permalink