guoswork
/
frp
mirror of https://gitee.com/IrisVega/frp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update tls

This commit is contained in:
fatedier 2020-09-18 20:06:09 +08:00
parent 4fff3c7472
commit 1e420cc766
4 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/frpc_full.ini
View File

@ -52,6 +52,10 @@ protocol = tcp
# if tls_enable is true, frpc will connect frps by tls # if tls_enable is true, frpc will connect frps by tls
tls_enable = true tls_enable = true
# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# specify a dns server, so frpc will use this instead of default one # specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8 # dns_server = 8.8.8.8

4
conf/frps_full.ini
View File

@ -103,6 +103,10 @@ max_ports_per_client = 0
# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false. # TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false tls_only = false
# tls_cert_file = server.crt
# tls_key_file = server.key
# tls_trusted_ca_file = ca.crt
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com # when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com subdomain_host = frps.com

7
models/config/client_common.go
View File

@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
if cfg.TLSEnable == false { if cfg.TLSEnable == false {
if cfg.TLSCertFile != "" { if cfg.TLSCertFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense") fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
} }
if cfg.TLSKeyFile != "" { if cfg.TLSKeyFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense") fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
} }
if cfg.TLSTrustedCaFile != "" { if cfg.TLSTrustedCaFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense") fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
} }
} }
return return
} }

11
models/config/server_common.go
View File

@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok { if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
cfg.TLSTrustedCaFile = tmpStr cfg.TLSTrustedCaFile = tmpStr
cfg.TLSOnly = true
} }
return return
@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
} }
} }
func (cfg *ServerCommonConf) Check() (err error) { func (cfg *ServerCommonConf) Check() error {
if cfg.TLSOnly == false { return nil
if cfg.TLSTrustedCaFile != "" {
err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
return
}
}
return
} }