devproje/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-11-26 17:03:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

making alternatives constants

Browse source
This commit is contained in:
Justin Angel 2022-01-30 10:46:57 -05:00
parent d44b2a7c01
commit 310e7b15c7
2 changed files with 17 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
app.go
View file

@ -61,6 +61,10 @@ const (
errUnsupportedLetsEncryptChallengeType = Error( errUnsupportedLetsEncryptChallengeType = Error(
"unknown value for Lets Encrypt challenge type", "unknown value for Lets Encrypt challenge type",
) )
DisabledClientAuth = "disabled"
RelaxedClientAuth = "relaxed"
EnforcedClientAuth = "enforced"
) )
// Config contains the initial Headscale configuration. // Config contains the initial Headscale configuration.
@ -647,19 +651,19 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
} }
var clientAuthMode tls.ClientAuthType var clientAuthMode tls.ClientAuthType
if h.cfg.TLSClientAuthMode == "disabled" { switch h.cfg.TLSClientAuthMode {
case DisabledClientAuth:
// Client cert is _not_ required. // Client cert is _not_ required.
clientAuthMode = tls.NoClientCert clientAuthMode = tls.NoClientCert
} else if h.cfg.TLSClientAuthMode == "relaxed" { case RelaxedClientAuth:
// Client cert required, but not verified. // Client cert required, but _not verified_.
clientAuthMode = tls.RequireAnyClientCert clientAuthMode = tls.RequireAnyClientCert
} else if h.cfg.TLSClientAuthMode == "enforced" { case EnforcedClientAuth:
// Client cert is required and verified. // Client cert is _required and verified_.
clientAuthMode = tls.RequireAndVerifyClientCert clientAuthMode = tls.RequireAndVerifyClientCert
} else { default:
return nil, errors.New( return nil, Error("Invalid tls_client_auth_mode provided: " +
"Invalid tls_clientAuthMode provided: " + h.cfg.TLSClientAuthMode)
h.cfg.TLSClientAuthMode)
} }
log.Info().Msg(fmt.Sprintf( log.Info().Msg(fmt.Sprintf(

10
docs/tls.md
View file

@ -37,14 +37,12 @@ using TLS certificates. The capability can be configured by by applying one of
the following values to the `tls_client_auth_mode` setting in the configuration the following values to the `tls_client_auth_mode` setting in the configuration
file. file.
| Value | Behavior | | Value | Behavior |
| ----- | -------- | | ---------- | ---------------------------------------------------------- |
| `disabled` | Disable mTLS (default). | | `disabled` | Disable mTLS (default). |
| `relaxed` | A client certificate is required, but it is not verified. | | `relaxed` | A client certificate is required, but it is not verified. |
| `enforced` | Requires clients to supply a certificate that is verified. | | `enforced` | Requires clients to supply a certificate that is verified. |
```yaml ```yaml
tls_client_auth_mode: "" tls_client_auth_mode: ""
``` ```