mirror of
https://gitee.com/IrisVega/frp.git
synced 2024-11-01 22:31:29 +08:00
update tls
This commit is contained in:
parent
4fff3c7472
commit
1e420cc766
@ -52,6 +52,10 @@ protocol = tcp
|
||||
# if tls_enable is true, frpc will connect frps by tls
|
||||
tls_enable = true
|
||||
|
||||
# tls_cert_file = client.crt
|
||||
# tls_key_file = client.key
|
||||
# tls_trusted_ca_file = ca.crt
|
||||
|
||||
# specify a dns server, so frpc will use this instead of default one
|
||||
# dns_server = 8.8.8.8
|
||||
|
||||
|
@ -103,6 +103,10 @@ max_ports_per_client = 0
|
||||
# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
|
||||
tls_only = false
|
||||
|
||||
# tls_cert_file = server.crt
|
||||
# tls_key_file = server.key
|
||||
# tls_trusted_ca_file = ca.crt
|
||||
|
||||
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
|
||||
# when subdomain is test, the host used by routing is test.frps.com
|
||||
subdomain_host = frps.com
|
||||
|
@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
|
||||
|
||||
if cfg.TLSEnable == false {
|
||||
if cfg.TLSCertFile != "" {
|
||||
fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense")
|
||||
fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
|
||||
}
|
||||
|
||||
if cfg.TLSKeyFile != "" {
|
||||
fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense")
|
||||
fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
|
||||
}
|
||||
|
||||
if cfg.TLSTrustedCaFile != "" {
|
||||
fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense")
|
||||
fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
|
||||
|
||||
if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
|
||||
cfg.TLSTrustedCaFile = tmpStr
|
||||
cfg.TLSOnly = true
|
||||
}
|
||||
|
||||
return
|
||||
@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
|
||||
}
|
||||
}
|
||||
|
||||
func (cfg *ServerCommonConf) Check() (err error) {
|
||||
if cfg.TLSOnly == false {
|
||||
if cfg.TLSTrustedCaFile != "" {
|
||||
err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
|
||||
return
|
||||
}
|
||||
}
|
||||
return
|
||||
func (cfg *ServerCommonConf) Check() error {
|
||||
return nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user