[tor-commits] [snowflake/master] Added an option to use a conventional certificate

Tue, 14 May 2019 14:21:46 -0700 

commit 1133e01363d88ca21f2abcc22cbe53698ceb4d9e
Author: Cecylia Bocovich <coh...@torproject.org>
Date:   Tue May 14 17:01:45 2019 -0400

    Added an option to use a conventional certificate
---
 broker/broker.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/broker/broker.go b/broker/broker.go
index b1fed9a..a18ca1b 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -229,9 +229,12 @@ func main() {
        var acmeHostnamesCommas string
        var addr string
        var disableTLS bool
+       var certFilename, keyFilename string
 
        flag.StringVar(&acmeEmail, "acme-email", "", "optional contact email 
for Let's Encrypt notifications")
        flag.StringVar(&acmeHostnamesCommas, "acme-hostnames", "", 
"comma-separated hostnames for TLS certificate")
+       flag.StringVar(&certFilename, "cert", "", "TLS certificate file")
+       flag.StringVar(&keyFilename, "key", "", "TLS private key file")
        flag.StringVar(&addr, "addr", ":443", "address to listen on")
        flag.BoolVar(&disableTLS, "disable-tls", false, "don't use HTTPS")
        flag.Parse()
@@ -258,6 +261,13 @@ func main() {
                Addr: addr,
        }
 
+       // Handle the various ways of setting up TLS. The legal configurations
+       // are:
+       //   --acme-hostnames (with optional --acme-email)
+       //   --cert and --key together
+       //   --disable-tls
+       // The outputs of this block of code are the disableTLS,
+       // needHTTP01Listener, certManager, and getCertificate variables.
        if acmeHostnamesCommas != "" {
                acmeHostnames := strings.Split(acmeHostnamesCommas, ",")
                log.Printf("ACME hostnames: %q", acmeHostnames)
@@ -274,10 +284,15 @@ func main() {
 
                server.TLSConfig = &tls.Config{GetCertificate: 
certManager.GetCertificate}
                err = server.ListenAndServeTLS("", "")
+       } else if certFilename != "" && keyFilename != "" {
+               if acmeEmail != "" || acmeHostnamesCommas != "" {
+                       log.Fatalf("The --cert and --key options are not 
allowed with --acme-email or --acme-hostnames.")
+               }
+               err = server.ListenAndServeTLS(certFilename, keyFilename)
        } else if disableTLS {
                err = server.ListenAndServe()
        } else {
-               log.Fatal("the --acme-hostnames or --disable-tls option is 
required")
+               log.Fatal("the --acme-hostnames, --cert and --key, or 
--disable-tls option is required")
        }
 
        if err != nil {

_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Reply via email to