1
0
mirror of https://github.com/juanfont/headscale.git synced 2024-12-20 19:09:07 +01:00

making alternatives constants

This commit is contained in:
Justin Angel 2022-01-30 10:46:57 -05:00
parent d44b2a7c01
commit 310e7b15c7
2 changed files with 17 additions and 15 deletions

20
app.go
View File

@ -61,6 +61,10 @@ const (
errUnsupportedLetsEncryptChallengeType = Error(
"unknown value for Lets Encrypt challenge type",
)
DisabledClientAuth = "disabled"
RelaxedClientAuth = "relaxed"
EnforcedClientAuth = "enforced"
)
// Config contains the initial Headscale configuration.
@ -647,18 +651,18 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
}
var clientAuthMode tls.ClientAuthType
if h.cfg.TLSClientAuthMode == "disabled" {
switch h.cfg.TLSClientAuthMode {
case DisabledClientAuth:
// Client cert is _not_ required.
clientAuthMode = tls.NoClientCert
} else if h.cfg.TLSClientAuthMode == "relaxed" {
// Client cert required, but not verified.
case RelaxedClientAuth:
// Client cert required, but _not verified_.
clientAuthMode = tls.RequireAnyClientCert
} else if h.cfg.TLSClientAuthMode == "enforced" {
// Client cert is required and verified.
case EnforcedClientAuth:
// Client cert is _required and verified_.
clientAuthMode = tls.RequireAndVerifyClientCert
} else {
return nil, errors.New(
"Invalid tls_clientAuthMode provided: " +
default:
return nil, Error("Invalid tls_client_auth_mode provided: " +
h.cfg.TLSClientAuthMode)
}

View File

@ -38,13 +38,11 @@ the following values to the `tls_client_auth_mode` setting in the configuration
file.
| Value | Behavior |
| ----- | -------- |
| ---------- | ---------------------------------------------------------- |
| `disabled` | Disable mTLS (default). |
| `relaxed` | A client certificate is required, but it is not verified. |
| `enforced` | Requires clients to supply a certificate that is verified. |
```yaml
tls_client_auth_mode: ""
```