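// setupTLS enables HTTPS on ws unless the "https" config option (queried with
// a default of true) is false.
//
// The certificate and key paths come from the "TLSCertFile" and "TLSKeyFile"
// options, which must be set together or not at all. genSelfTLS(listen) is
// called to create a self-signed pair in two cases: both options are unset,
// or both point at the default locations (defCert, defKey, defined outside
// this function) and at least one of those files does not exist. Every
// failure is reported through exitf.
//
// NOTE(review): this function relies on exitf not returning — confirm.
// NOTE(review): nothing here reports the certificate's fingerprint, so a
// client of the self-signed certificate has no value to compare against
// unless it is obtained some other way.
func setupTLS(ws *webserver.Server, config *serverconfig.Config, listen string) {
	// Both options are read before the "https" check, as in the original.
	cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")
	if !config.OptionalBool("https", true) {
		return
	}
	if (cert != "") != (key != "") {
		exitf("TLSCertFile and TLSKeyFile must both be either present or absent")
	}

	if cert == defCert && key == defKey {
		_, err1 := os.Stat(cert)
		_, err2 := os.Stat(key)
		if err1 != nil || err2 != nil {
			if os.IsNotExist(err1) || os.IsNotExist(err2) {
				// NOTE(review): this also fires when only one file of the
				// pair is missing; whether genSelfTLS replaces the
				// surviving file is not visible here — confirm.
				if err := genSelfTLS(listen); err != nil {
					exitf("Could not generate self-signed TLS cert: %q", err)
				}
			} else {
				// Only one of the two errors may be set on this path; %v
				// prints a nil error as <nil>, where %q printed %!q(<nil>).
				exitf("Could not stat cert or key: %v, %v", err1, err2)
			}
		}
	}

	if cert == "" && key == "" {
		// NOTE(review): unlike the branch above, this path does not stat the
		// default files first. If genSelfTLS always writes a fresh pair, the
		// certificate changes on every start — confirm against genSelfTLS.
		err := genSelfTLS(listen)
		if err != nil {
			exitf("Could not generate self signed creds: %q", err)
		}
		cert = defCert
		key = defKey
	}
	ws.SetTLS(cert, key)
}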
// listenAndBaseURL finds the configured, default, or inferred listen address // and base URL from the command-line flags and provided config. func listenAndBaseURL(config *serverconfig.Config) (listen, baseURL string) { baseURL = config.OptionalString("baseURL", "") listen = *listenFlag listenConfig := config.OptionalString("listen", "") // command-line takes priority over config if listen == "" { listen = listenConfig if listen == "" { exitf("\"listen\" needs to be specified either in the config or on the command line") } } return }
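// setupTLS enables HTTPS on ws unless the "https" config option (queried with
// a default of true) is false, and logs a fingerprint of the certificate it
// is about to serve.
//
// The certificate and key paths come from the "TLSCertFile" and "TLSKeyFile"
// options, which must be set together or not at all. genSelfTLS(listen) is
// called to create a self-signed pair in two cases: both options are unset,
// or both point at the default locations (osutil.DefaultTLSCert and
// osutil.DefaultTLSKey) and at least one of those files does not exist.
//
// The certificate file is then read and its first CERTIFICATE PEM block is
// parsed. misc.SHA256Prefix of the certificate's DER bytes is logged before
// ws.SetTLS is called. Every failure is reported through exitf.
//
// NOTE(review): this function relies on exitf not returning — confirm.
// NOTE(review): going by its name, misc.SHA256Prefix yields a truncated
// digest; confirm the length is adequate for whatever clients compare.
func setupTLS(ws *webserver.Server, config *serverconfig.Config, listen string) {
	// Both options are read before the "https" check, as in the original.
	cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")
	if !config.OptionalBool("https", true) {
		return
	}
	if (cert != "") != (key != "") {
		exitf("TLSCertFile and TLSKeyFile must both be either present or absent")
	}

	defCert := osutil.DefaultTLSCert()
	defKey := osutil.DefaultTLSKey()
	if cert == defCert && key == defKey {
		_, err1 := os.Stat(cert)
		_, err2 := os.Stat(key)
		if err1 != nil || err2 != nil {
			if os.IsNotExist(err1) || os.IsNotExist(err2) {
				// NOTE(review): this also fires when only one file of the
				// pair is missing; whether genSelfTLS replaces the
				// surviving file is not visible here — confirm.
				if err := genSelfTLS(listen); err != nil {
					exitf("Could not generate self-signed TLS cert: %q", err)
				}
			} else {
				// Only one of the two errors may be set on this path; %v
				// prints a nil error as <nil>, where %q printed %!q(<nil>).
				exitf("Could not stat cert or key: %v, %v", err1, err2)
			}
		}
	}

	if cert == "" && key == "" {
		// NOTE(review): unlike the branch above, this path does not stat the
		// default files first. If genSelfTLS always writes a fresh pair, the
		// logged fingerprint changes on every start — confirm.
		err := genSelfTLS(listen)
		if err != nil {
			exitf("Could not generate self signed creds: %q", err)
		}
		cert = defCert
		key = defKey
	}

	data, err := ioutil.ReadFile(cert)
	if err != nil {
		exitf("Failed to read pem certificate: %s", err)
	}

	// Skip PEM blocks that are not certificates (for example a key stored in
	// the same file), so the fingerprint is taken from the first certificate
	// rather than from whatever block happens to come first.
	// NOTE(review): presumably ws.SetTLS serves that same first certificate
	// as the leaf — confirm against its implementation.
	var block *pem.Block
	rest := data
	for {
		block, rest = pem.Decode(rest)
		if block == nil || block.Type == "CERTIFICATE" {
			break
		}
	}
	if block == nil {
		exitf("Failed to decode pem certificate")
	}

	certif, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		exitf("Failed to parse certificate: %v", err)
	}
	sig := misc.SHA256Prefix(certif.Raw)
	log.Printf("TLS enabled, with SHA-256 certificate fingerprint: %v", sig)
	ws.SetTLS(cert, key)
}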