[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [snowflake/master] Added an option to use a conventional certificate

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [snowflake/master] Added an option to use a conventional certificate
From: cohosh@xxxxxxxxxxxxxx
Date: Tue, 14 May 2019 21:21:34 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 May 2019 17:21:43 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Cecylia Bocovich <cohosh@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 1133e01363d88ca21f2abcc22cbe53698ceb4d9e
Author: Cecylia Bocovich <cohosh@xxxxxxxxxxxxxx>
Date:   Tue May 14 17:01:45 2019 -0400

    Added an option to use a conventional certificate
---
 broker/broker.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/broker/broker.go b/broker/broker.go
index b1fed9a..a18ca1b 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -229,9 +229,12 @@ func main() {
 	var acmeHostnamesCommas string
 	var addr string
 	var disableTLS bool
+	var certFilename, keyFilename string
 
 	flag.StringVar(&acmeEmail, "acme-email", "", "optional contact email for Let's Encrypt notifications")
 	flag.StringVar(&acmeHostnamesCommas, "acme-hostnames", "", "comma-separated hostnames for TLS certificate")
+	flag.StringVar(&certFilename, "cert", "", "TLS certificate file")
+	flag.StringVar(&keyFilename, "key", "", "TLS private key file")
 	flag.StringVar(&addr, "addr", ":443", "address to listen on")
 	flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
 	flag.Parse()
@@ -258,6 +261,13 @@ func main() {
 		Addr: addr,
 	}
 
+	// Handle the various ways of setting up TLS. The legal configurations
+	// are:
+	//   --acme-hostnames (with optional --acme-email)
+	//   --cert and --key together
+	//   --disable-tls
+	// The outputs of this block of code are the disableTLS,
+	// needHTTP01Listener, certManager, and getCertificate variables.
 	if acmeHostnamesCommas != "" {
 		acmeHostnames := strings.Split(acmeHostnamesCommas, ",")
 		log.Printf("ACME hostnames: %q", acmeHostnames)
@@ -274,10 +284,15 @@ func main() {
 
 		server.TLSConfig = &tls.Config{GetCertificate: certManager.GetCertificate}
 		err = server.ListenAndServeTLS("", "")
+	} else if certFilename != "" && keyFilename != "" {
+		if acmeEmail != "" || acmeHostnamesCommas != "" {
+			log.Fatalf("The --cert and --key options are not allowed with --acme-email or --acme-hostnames.")
+		}
+		err = server.ListenAndServeTLS(certFilename, keyFilename)
 	} else if disableTLS {
 		err = server.ListenAndServe()
 	} else {
-		log.Fatal("the --acme-hostnames or --disable-tls option is required")
+		log.Fatal("the --acme-hostnames, --cert and --key, or --disable-tls option is required")
 	}
 
 	if err != nil {

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [snowflake/master] Added tests to check large read guards
Next by Author: [tor-commits] [snowflake/master] Guard against large reads
Previous by thread: [tor-commits] [tor/master] Merge remote-tracking branch 'tor-github/pr/1004'
Next by thread: [tor-commits] [torbutton/master] Release preparations for 2.1.8
Index(es):
- Author
- Thread