From 9f8b3b5a1820f575e6621fd5f4f6cdf47b0a7742 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sun, 12 Apr 2020 19:41:19 +0200 Subject: [PATCH] TLS for command line client --- src/api_server.rs | 4 ++-- src/main.rs | 25 ++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/src/api_server.rs b/src/api_server.rs index 13fd5038c..056d2aafa 100644 --- a/src/api_server.rs +++ b/src/api_server.rs @@ -1,5 +1,5 @@ use std::collections::VecDeque; -use std::net::SocketAddr; +use std::net::{Ipv6Addr, SocketAddr}; use std::sync::Arc; use futures::future::Future; @@ -24,7 +24,7 @@ pub async fn run_api_server( garage: Arc, shutdown_signal: impl Future, ) -> Result<(), Error> { - let addr = ([0, 0, 0, 0, 0, 0, 0, 0], garage.system.config.api_port).into(); + let addr = (Ipv6Addr::LOCALHOST, garage.system.config.api_port).into(); let service = make_service_fn(|conn: &AddrStream| { let garage = garage.clone(); diff --git a/src/main.rs b/src/main.rs index 619f3422b..ea6124b5e 100644 --- a/src/main.rs +++ b/src/main.rs @@ -27,6 +27,7 @@ use data::*; use error::Error; use proto::*; use rpc_client::RpcClient; +use server::TlsConfig; #[derive(StructOpt, Debug)] #[structopt(name = "garage")] @@ -35,6 +36,13 @@ pub struct Opt { #[structopt(short = "h", long = "rpc-host", default_value = "127.0.0.1:3901")] rpc_host: SocketAddr, + #[structopt(long="ca-cert")] + ca_cert: Option, + #[structopt(long="client-cert")] + client_cert: Option, + #[structopt(long="client-key")] + client_key: Option, + #[structopt(subcommand)] cmd: Command, } @@ -77,7 +85,22 @@ pub struct ConfigureOpt { async fn main() { let opt = Opt::from_args(); - let rpc_cli = RpcClient::new(&None).expect("Could not create RPC client"); + let tls_config = match (opt.ca_cert, opt.client_cert, opt.client_key) { + (Some(ca_cert), Some(client_cert), Some(client_key)) => { + Some(TlsConfig{ + ca_cert, + node_cert: client_cert, + node_key: client_key, + }) + } + (None, None, None) => None, + _ => { + eprintln!("Missing one of: --ca-cert, --node-cert, --node-key. Not using TLS."); + None + } + }; + + let rpc_cli = RpcClient::new(&tls_config).expect("Could not create RPC client"); let resp = match opt.cmd { Command::Server(server_opt) => server::run_server(server_opt.config_file).await,