Use CA cert & key from user tls config

2019-05-28 17:31:11 -07:00 · 2019-05-28 17:31:11 -07:00 · 54fdba3f13
commit 54fdba3f13
parent 5705628594
2 changed files with 19 additions and 5 deletions
--- a/server.go
+++ b/server.go
@ -424,12 +424,25 @@ func (s *server) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, e
 	changed = true

 	if s.activeCA == nil {
-		ca, key, err := genCA()
-		if err != nil {
-			return nil, err
+		if s.userConfig.CACerts != "" && s.userConfig.CAKey != "" {
+			ca, err := cert.ParseCertsPEM([]byte(s.userConfig.CACerts))
+			if err != nil {
+				return nil, err
+			}
+			key, err := cert.ParsePrivateKeyPEM([]byte(s.userConfig.CAKey))
+			if err != nil {
+				return nil, err
+			}
+			s.activeCA = ca[0]
+			s.activeCAKey = key.(crypto.Signer)
+		} else {
+			ca, key, err := genCA()
+			if err != nil {
+				return nil, err
+			}
+			s.activeCA = ca
+			s.activeCAKey = key
 		}
-		s.activeCA = ca
-		s.activeCAKey = key
 	}

 	cfg := cert.Config{
--- a/types.go
+++ b/types.go
@ -29,6 +29,7 @@ type UserConfig struct {
 	Mode        string
 	NoCACerts   bool
 	CACerts     string
+	CAKey       string
 	Cert        string
 	Key         string
 	BindAddress string