mirror of https://github.com/status-im/consul.git
consul: Simplify TLS handling in RPC server
This commit is contained in:
parent
592953309e
commit
39a55953af
|
@ -45,14 +45,14 @@ func (s *Server) listen() {
|
|||
s.rpcClients[conn] = struct{}{}
|
||||
s.rpcClientLock.Unlock()
|
||||
|
||||
go s.handleConn(conn)
|
||||
go s.handleConn(conn, false)
|
||||
metrics.IncrCounter([]string{"consul", "rpc", "accept_conn"}, 1)
|
||||
}
|
||||
}
|
||||
|
||||
// handleConn is used to determine if this is a Raft or
|
||||
// Consul type RPC connection and invoke the correct handler
|
||||
func (s *Server) handleConn(conn net.Conn) {
|
||||
func (s *Server) handleConn(conn net.Conn, isTLS bool) {
|
||||
// Read a single byte
|
||||
buf := make([]byte, 1)
|
||||
if _, err := conn.Read(buf); err != nil {
|
||||
|
@ -61,20 +61,8 @@ func (s *Server) handleConn(conn net.Conn) {
|
|||
return
|
||||
}
|
||||
|
||||
// Check if entering TLS mode
|
||||
isTLS := false
|
||||
if RPCType(buf[0]) == rpcTLS {
|
||||
if s.rpcTLS == nil {
|
||||
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
|
||||
conn.Close()
|
||||
return
|
||||
}
|
||||
conn = tls.Server(conn, s.rpcTLS)
|
||||
isTLS = true
|
||||
}
|
||||
|
||||
// Enforce TLS if VerifyIncoming is set
|
||||
if s.config.VerifyIncoming && !isTLS {
|
||||
if s.config.VerifyIncoming && !isTLS && RPCType(buf[0]) != rpcTLS {
|
||||
s.logger.Printf("[WARN] consul.rpc: Non-TLS connection attempted with VerifyIncoming set")
|
||||
conn.Close()
|
||||
return
|
||||
|
@ -92,6 +80,15 @@ func (s *Server) handleConn(conn net.Conn) {
|
|||
case rpcMultiplex:
|
||||
s.handleMultiplex(conn)
|
||||
|
||||
case rpcTLS:
|
||||
if s.rpcTLS == nil {
|
||||
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
|
||||
conn.Close()
|
||||
return
|
||||
}
|
||||
conn = tls.Server(conn, s.rpcTLS)
|
||||
s.handleConn(conn, true)
|
||||
|
||||
default:
|
||||
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
|
||||
conn.Close()
|
||||
|
|
Loading…
Reference in New Issue