synced/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2025-04-17 19:37:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3187 from akhilmhdh/feat/connector

Browse Source 
feat: added ca to cli
This commit is contained in:
Maidul Islam
2025-03-05 10:13:27 -05:00
committed by GitHub
parent 24d4f8100c a8398a7009
commit 2cfca823f2
2 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cli/config/infisical-relay.yaml
View File

@ -1,3 +1,8 @@
public_ip: 127.0.0.1
auth_secret: changeThisOnProduction
realm: infisical.org
# set port 5349 for tls
# port: 5349
# tls_private_key_path: /full-path
# tls_ca_path: /full-path
# tls_cert_path: /full-path

25
cli/packages/gateway/relay.go
View File

@ -3,6 +3,7 @@ package gateway
import (
"context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"net"
@ -37,8 +38,10 @@ type GatewayRelayConfig struct {
RelayMaxPort uint16 `yaml:"relay_max_port"`
TlsCertPath string `yaml:"tls_cert_path"`
TlsPrivateKeyPath string `yaml:"tls_private_key_path"`
TlsCaPath string `yaml:"tls_ca_path"`
tls tls.Certificate
tlsCa string
isTlsEnabled bool
}
@ -79,19 +82,19 @@ func NewGatewayRelay(configFilePath string) (*GatewayRelay, error) {
return nil, errMissingTlsCert
}
tlsCertFile, err := os.ReadFile(cfg.TlsCertPath)
cert, err := tls.LoadX509KeyPair(cfg.TlsCertPath, cfg.TlsPrivateKeyPath)
if err != nil {
return nil, err
}
tlsPrivateKeyFile, err := os.ReadFile(cfg.TlsPrivateKeyPath)
if err != nil {
return nil, err
return nil, fmt.Errorf("Failed to read load server tls key pair: %w", err)
}
cert, err := tls.LoadX509KeyPair(string(tlsCertFile), string(tlsPrivateKeyFile))
if err != nil {
return nil, err
if cfg.TlsCaPath != "" {
ca, err := os.ReadFile(cfg.TlsCaPath)
if err != nil {
return nil, fmt.Errorf("Failed to read tls ca: %w", err)
}
cfg.tlsCa = string(ca)
}
cfg.tls = cert
cfg.isTlsEnabled = true
}
@ -140,8 +143,12 @@ func (g *GatewayRelay) Run() error {
}
if g.Config.isTlsEnabled {
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(g.Config.tlsCa))
listenerConfigs[i].Listener = tls.NewListener(conn, &tls.Config{
Certificates: []tls.Certificate{g.Config.tls},
ClientCAs: caCertPool,
})
} else {
listenerConfigs[i].Listener = conn