consul: Enable incoming TLS connections to server

This commit is contained in:
Armon Dadgar 2014-04-04 16:34:23 -07:00
parent f68d3160d2
commit 1ab9a4ad53
2 changed files with 22 additions and 1 deletions

View File

@ -1,6 +1,7 @@
package consul
import (
"crypto/tls"
"fmt"
"github.com/armon/go-metrics"
"github.com/hashicorp/consul/consul/structs"
@ -19,6 +20,7 @@ const (
rpcConsul RPCType = iota
rpcRaft
rpcMultiplex
rpcTLS
)
const (
@ -71,6 +73,15 @@ func (s *Server) handleConn(conn net.Conn) {
case rpcMultiplex:
s.handleMultiplex(conn)
case rpcTLS:
if s.rpcTLS == nil {
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
conn.Close()
return
}
conn = tls.Server(conn, s.rpcTLS)
s.handleConn(conn)
default:
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
conn.Close()

View File

@ -83,6 +83,9 @@ type Server struct {
rpcListener net.Listener
rpcServer *rpc.Server
// rpcTLS is the TLS config for incoming TLS requests
rpcTLS *tls.Config
// serfLAN is the Serf cluster maintained inside the DC
// which contains all the DC nodes
serfLAN *serf.Serf
@ -123,7 +126,7 @@ func NewServer(config *Config) (*Server, error) {
config.LogOutput = os.Stderr
}
// Create the tlsConfig
// Create the tlsConfig for outgoing connections
var tlsConfig *tls.Config
var err error
if config.VerifyOutgoing {
@ -132,6 +135,12 @@ func NewServer(config *Config) (*Server, error) {
}
}
// Get the incoming tls config
incomingTLS, err := config.IncomingTLSConfig()
if err != nil {
return nil, err
}
// Create a logger
logger := log.New(config.LogOutput, "", log.LstdFlags)
@ -146,6 +155,7 @@ func NewServer(config *Config) (*Server, error) {
remoteConsuls: make(map[string][]net.Addr),
rpcClients: make(map[net.Conn]struct{}),
rpcServer: rpc.NewServer(),
rpcTLS: incomingTLS,
shutdownCh: make(chan struct{}),
}