From ca3118aa122edd0e134111312eb5b80d6d5808b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20Per=C3=B6bner?=
Date: Sun, 9 Oct 2016 16:28:08 +0200
Subject: [PATCH] pkg/blobserver/remote: adds trusted certs option to remote blobserver
Allows to use self signed certificates with https endpoints.
Change-Id: I1e15bbf15b89e57c8a8cfaf85d778d912a3cc36e
---
 pkg/blobserver/remote/remote.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/pkg/blobserver/remote/remote.go b/pkg/blobserver/remote/remote.go
index 19b99d194..93bc4684a 100644
--- a/pkg/blobserver/remote/remote.go
+++ b/pkg/blobserver/remote/remote.go
@@ -16,20 +16,23 @@ limitations under the License.
 /*
 Package remote registers the "remote" blobserver storage type, storing
-and fetching blobs from a remote Camlistore server, speaking the HTTP
-protocol.
+and fetching blobs from a remote Camlistore server over HTTPS.
 Example low-level config:
 "/peer/": {
 "handler": "storage-remote",
 "handlerArgs": {
- "url": "http://10.0.0.17/base",
+ "url": "https://some-other-server/base",
 "auth": "userpass:user:pass",
 "skipStartupCheck": false
 }
 },
+The "handlerArgs" may also contain an optional "trustedCert" option to
+trust a self-signed TLS certificate. The value is the 20 byte hex prefix
+of the SHA-256 of the cert, as printed by the camlistored server
+on start-up.
 */
 package remote // import "camlistore.org/pkg/blobserver/remote"
@@ -61,11 +64,14 @@ func newFromConfig(_ blobserver.Loader, config jsonconfig.Obj) (storage blobserv
 url := config.RequiredString("url")
 auth := config.RequiredString("auth")
 skipStartupCheck := config.OptionalBool("skipStartupCheck", false)
+ trustedCert := config.OptionalString("trustedCert", "")
 if err := config.Validate(); err != nil {
 return nil, err
 }
- client := client.New(url)
+ client := client.New(url,
+ client.OptionTrustedCert(trustedCert),
+ )
 if err = client.SetupAuthFromString(auth); err != nil {
 return nil, err
 }
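Review bot: The added package-comment paragraph describes the `trustedCert` value as "the 20 byte hex prefix of the SHA-256 of the cert", which can be read either as 20 bytes (40 hex digits) or as 20 hex digits, and an operator pinning a certificate needs to know exactly which string to paste. The comparison code is not part of this patch, so the length should be confirmed against the client and stated in digits, for example `The value is the first N hex digits of the SHA-256 of the certificate, exactly as printed by camlistored on start-up.` with N filled in. The paragraph should also say whether a pinned certificate replaces or supplements normal CA validation, since the text does not make that clear.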
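Review bot: In the second hunk `newFromConfig` takes `trustedCert` without checking its shape or the URL scheme, so a mistyped fingerprint or an `http://` URL is not reported at config-load time, and with `skipStartupCheck` set the first symptom could appear much later. The package comment now promises HTTPS, yet `url` is passed straight to `client.New`; unless the client rejects plain HTTP (not visible here), the `auth` credentials can still travel unencrypted and the pin has no effect. I would add a guard after `config.Validate()`, such as `if trustedCert != "" && !strings.HasPrefix(url, "https://") { return nil, errors.New("remote: trustedCert requires an https url") }` (importing `strings` and `errors` if the file does not already), together with a hex and length check on the value. It may also be cleaner to pass `client.OptionTrustedCert` only when `trustedCert` is non-empty, since how the option treats `""` is not shown. The function starts before this hunk and continues after it.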