making alternatives constants
parent
d44b2a7c01
commit
310e7b15c7
20
app.go
20
app.go
@ -61,6 +61,10 @@ const (
|
||||
errUnsupportedLetsEncryptChallengeType = Error(
|
||||
"unknown value for Lets Encrypt challenge type",
|
||||
)
|
||||
|
||||
DisabledClientAuth = "disabled"
|
||||
RelaxedClientAuth = "relaxed"
|
||||
EnforcedClientAuth = "enforced"
|
||||
)
|
||||
|
||||
// Config contains the initial Headscale configuration.
|
||||
@ -647,18 +651,18 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
|
||||
}
|
||||
|
||||
var clientAuthMode tls.ClientAuthType
|
||||
if h.cfg.TLSClientAuthMode == "disabled" {
|
||||
switch h.cfg.TLSClientAuthMode {
|
||||
case DisabledClientAuth:
|
||||
// Client cert is _not_ required.
|
||||
clientAuthMode = tls.NoClientCert
|
||||
} else if h.cfg.TLSClientAuthMode == "relaxed" {
|
||||
// Client cert required, but not verified.
|
||||
case RelaxedClientAuth:
|
||||
// Client cert required, but _not verified_.
|
||||
clientAuthMode = tls.RequireAnyClientCert
|
||||
} else if h.cfg.TLSClientAuthMode == "enforced" {
|
||||
// Client cert is required and verified.
|
||||
case EnforcedClientAuth:
|
||||
// Client cert is _required and verified_.
|
||||
clientAuthMode = tls.RequireAndVerifyClientCert
|
||||
} else {
|
||||
return nil, errors.New(
|
||||
"Invalid tls_clientAuthMode provided: " +
|
||||
default:
|
||||
return nil, Error("Invalid tls_client_auth_mode provided: " +
|
||||
h.cfg.TLSClientAuthMode)
|
||||
}
|
||||
|
||||
|
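Review bot: The new `default:` branch in getTLSSettings builds its error by concatenating the raw config value into `Error(...)`, so every bad value yields a distinct error that callers cannot match with `errors.Is`, and an empty value prints as nothing after the colon. Since this commit already adds constants to the block holding `errUnsupportedLetsEncryptChallengeType`, a sentinel such as `errInvalidTLSClientAuthMode = Error("invalid tls_client_auth_mode")` could sit there and be returned as `fmt.Errorf("%w: %q", errInvalidTLSClientAuthMode, h.cfg.TLSClientAuthMode)`, assuming `fmt` is imported in app.go, which is not visible here. Rejecting unknown values rather than falling back to a weaker mode is the right behaviour for a TLS client-auth setting and should stay; whether an unset value is defaulted to `disabled` before this switch is reached is outside the hunk and worth confirming. The function body starts and ends outside the hunk.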
@ -38,13 +38,11 @@ the following values to the `tls_client_auth_mode` setting in the configuration
|
||||
file.
|
||||
|
||||
| Value | Behavior |
|
||||
| ----- | -------- |
|
||||
| ---------- | ---------------------------------------------------------- |
|
||||
| `disabled` | Disable mTLS (default). |
|
||||
| `relaxed` | A client certificate is required, but it is not verified. |
|
||||
| `enforced` | Requires clients to supply a certificate that is verified. |
|
||||
|
||||
|
||||
```yaml
|
||||
tls_client_auth_mode: ""
|
||||
```
|
||||
|
||||
|