Move grpc TLS setup into hspki
diff --git a/grpc.go b/grpc.go
index 9569ee5..01d5634 100644
--- a/grpc.go
+++ b/grpc.go
@@ -2,10 +2,7 @@
import (
"context"
- "crypto/tls"
- "crypto/x509"
"fmt"
- "io/ioutil"
"net"
"net/http"
@@ -14,7 +11,6 @@
"github.com/q3k/statusz"
"golang.org/x/net/trace"
"google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
"google.golang.org/grpc/reflection"
pb "code.hackerspace.pl/q3k/arista-proxy/proto"
@@ -60,33 +56,12 @@
}
func (s *server) setupGRPC(options ...grpc.ServerOption) error {
- serverCert, err := tls.LoadX509KeyPair(s.opts.tlsCertificatePath, s.opts.tlsKeyPath)
- if err != nil {
- return fmt.Errorf("while loading keypair: %v", err)
- }
-
- certPool := x509.NewCertPool()
- ca, err := ioutil.ReadFile(s.opts.tlsCAPath)
- if err != nil {
- return fmt.Errorf("while loading ca certificate: %v", err)
- }
- if ok := certPool.AppendCertsFromPEM(ca); !ok {
- return fmt.Errorf("while appending ca certificate to pool: %v", err)
- }
-
lis, err := net.Listen("tcp", s.opts.listenAddress)
if err != nil {
return fmt.Errorf("while listening on main port: %v", err)
}
- creds := credentials.NewTLS(&tls.Config{
- ClientAuth: tls.RequireAndVerifyClientCert,
- Certificates: []tls.Certificate{serverCert},
- ClientCAs: certPool,
- })
-
s.grpc.listen = lis
- options = append([]grpc.ServerOption{grpc.Creds(creds)}, options...)
s.grpc.server = grpc.NewServer(options...)
return nil
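Review bot: setupGRPC no longer guarantees transport security itself: the removed lines prepended `grpc.Creds` with `RequireAndVerifyClientCert` unconditionally, while the new body builds the server from whatever `options` the caller passes, so a call with no options (or an hspki option set that omits credentials) yields a plaintext, unauthenticated listener on `s.opts.listenAddress` with no error. `grpc.ServerOption` is opaque, so the function cannot verify that credentials are among the options, which makes it worth stating the new contract in a doc comment, e.g. `// setupGRPC listens on s.opts.listenAddress and builds the server from options; it adds no transport credentials itself, so callers must pass them (see hspki.WithServerHSPKI).` A cheap fail-closed check, `if len(options) == 0 { return fmt.Errorf("refusing to start gRPC server without server options (transport credentials)") }`, would at least catch the bare call, though it cannot detect a non-empty option set that lacks creds. The function's closing brace is outside this hunk.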
@@ -110,7 +85,7 @@
func (s *server) serveForever() {
grpc.EnableTracing = true
- if err := s.setupGRPC(hspki.WithServerHSPKI()); err != nil {
+ if err := s.setupGRPC(hspki.WithServerHSPKI()...); err != nil {
glog.Exitf("Could not setup GRPC server: %v", err)
}
pb.RegisterAristaProxyServer(s.grpc.server, s)
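Review bot: This call is now the only place where TLS and client authentication enter the server, since setupGRPC itself no longer installs any credentials; a reader of serveForever cannot tell that from `hspki.WithServerHSPKI()...` alone. A one-line comment would make the dependency explicit, e.g. `// hspki supplies the server's transport credentials; setupGRPC adds none of its own, so dropping this option would start a plaintext server.` Whether hspki still requires and verifies client certificates, as the removed in-file config did, is not visible here and is worth confirming against that package. serveForever continues past the end of this hunk.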