1
mirror of https://github.com/rclone/rclone synced 2024-12-23 14:23:44 +01:00

fs:Added multiple ca certificate support.

This commit is contained in:
alankrit 2023-01-11 07:59:51 +00:00 committed by Nick Craig-Wood
parent 844e8fb8bd
commit 6b17044f8e
4 changed files with 19 additions and 15 deletions

View File

@ -2099,9 +2099,9 @@ these options. For example this can be very useful with the HTTP or
WebDAV backends. Rclone HTTP servers have their own set of WebDAV backends. Rclone HTTP servers have their own set of
configuration for SSL/TLS which you can find in their documentation. configuration for SSL/TLS which you can find in their documentation.
### --ca-cert string ### --ca-cert stringArray
This loads the PEM encoded certificate authority certificate and uses This loads the PEM encoded certificate authority certificates and uses
it to verify the certificates of the servers rclone connects to. it to verify the certificates of the servers rclone connects to.
If you have generated certificates signed with a local CA then you If you have generated certificates signed with a local CA then you

View File

@ -120,9 +120,9 @@ type ConfigInfo struct {
ProgressTerminalTitle bool ProgressTerminalTitle bool
Cookie bool Cookie bool
UseMmap bool UseMmap bool
CaCert string // Client Side CA CaCert []string // Client Side CA
ClientCert string // Client Side Cert ClientCert string // Client Side Cert
ClientKey string // Client Side Key ClientKey string // Client Side Key
MultiThreadCutoff SizeSuffix MultiThreadCutoff SizeSuffix
MultiThreadStreams int MultiThreadStreams int
MultiThreadSet bool // whether MultiThreadStreams was set (set in fs/config/configflags) MultiThreadSet bool // whether MultiThreadStreams was set (set in fs/config/configflags)

View File

@ -120,7 +120,7 @@ func AddFlags(ci *fs.ConfigInfo, flagSet *pflag.FlagSet) {
flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)") flags.BoolVarP(flagSet, &ci.ProgressTerminalTitle, "progress-terminal-title", "", ci.ProgressTerminalTitle, "Show progress on the terminal title (requires -P/--progress)")
flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar") flags.BoolVarP(flagSet, &ci.Cookie, "use-cookies", "", ci.Cookie, "Enable session cookiejar")
flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)") flags.BoolVarP(flagSet, &ci.UseMmap, "use-mmap", "", ci.UseMmap, "Use mmap allocator (see docs)")
flags.StringVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers") flags.StringArrayVarP(flagSet, &ci.CaCert, "ca-cert", "", ci.CaCert, "CA certificate used to verify servers")
flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth") flags.StringVarP(flagSet, &ci.ClientCert, "client-cert", "", ci.ClientCert, "Client SSL certificate (PEM) for mutual TLS auth")
flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth") flags.StringVarP(flagSet, &ci.ClientKey, "client-key", "", ci.ClientKey, "Client SSL private key (PEM) for mutual TLS auth")
flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size") flags.FVarP(flagSet, &ci.MultiThreadCutoff, "multi-thread-cutoff", "", "Use multi-thread downloads for files above this size")

View File

@ -72,16 +72,20 @@ func NewTransportCustom(ctx context.Context, customize func(*http.Transport)) ht
t.TLSClientConfig.Certificates = []tls.Certificate{cert} t.TLSClientConfig.Certificates = []tls.Certificate{cert}
} }
// Load CA cert // Load CA certs
if ci.CaCert != "" { if len(ci.CaCert) != 0 {
caCert, err := os.ReadFile(ci.CaCert)
if err != nil {
log.Fatalf("Failed to read --ca-cert: %v", err)
}
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(caCert)
if !ok { for _, cert := range ci.CaCert {
log.Fatalf("Failed to add certificates from --ca-cert") caCert, err := os.ReadFile(cert)
if err != nil {
log.Fatalf("Failed to read --ca-cert file %q : %v", cert, err)
}
ok := caCertPool.AppendCertsFromPEM(caCert)
if !ok {
log.Fatalf("Failed to add certificates from --ca-cert file %q", cert)
}
} }
t.TLSClientConfig.RootCAs = caCertPool t.TLSClientConfig.RootCAs = caCertPool
} }