not use selfsigned certs
Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
This commit is contained in:
parent
bf27264d70
commit
f4ab3cbb40
30
http.go
30
http.go
@ -5,6 +5,7 @@ import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
@ -14,10 +15,8 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/unistack-org/micro/v3/network/transport"
|
||||
maddr "github.com/unistack-org/micro/v3/util/addr"
|
||||
"github.com/unistack-org/micro/v3/util/buf"
|
||||
mnet "github.com/unistack-org/micro/v3/util/net"
|
||||
mls "github.com/unistack-org/micro/v3/util/tls"
|
||||
"golang.org/x/net/http2"
|
||||
"golang.org/x/net/http2/h2c"
|
||||
)
|
||||
@ -533,30 +532,11 @@ func (h *httpTransport) Listen(addr string, opts ...transport.ListenOption) (tra
|
||||
var err error
|
||||
|
||||
// TODO: support use of listen options
|
||||
if h.opts.Secure || h.opts.TLSConfig != nil {
|
||||
config := h.opts.TLSConfig
|
||||
|
||||
if h.opts.Secure && h.opts.TLSConfig == nil {
|
||||
return nil, fmt.Errorf("request secure communication, but *tls.Config is nil")
|
||||
} else if h.opts.Secure && h.opts.TLSConfig != nil {
|
||||
fn := func(addr string) (net.Listener, error) {
|
||||
if config == nil {
|
||||
hosts := []string{addr}
|
||||
|
||||
// check if its a valid host:port
|
||||
if host, _, err := net.SplitHostPort(addr); err == nil {
|
||||
if len(host) == 0 {
|
||||
hosts = maddr.IPs()
|
||||
} else {
|
||||
hosts = []string{host}
|
||||
}
|
||||
}
|
||||
|
||||
// generate a certificate
|
||||
cert, err := mls.Certificate(hosts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
config = &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||
}
|
||||
return tls.Listen("tcp", addr, config)
|
||||
return tls.Listen("tcp", addr, h.opts.TLSConfig)
|
||||
}
|
||||
|
||||
l, err = mnet.Listen(addr, fn)
|
||||
|
Loading…
Reference in New Issue
Block a user