Force clients to have certs

2025-01-11 15:03:22 -05:00 · 2015-01-30 16:49:44 -08:00 · 2015-01-30 16:49:44 -08:00 · 8a4128d304
commit 8a4128d304
parent fec80fb1b3
2 changed files with 5 additions and 10 deletions
--- a/pkg/httpserver/tlshelpers.go
+++ b/pkg/httpserver/tlshelpers.go
@ -3,7 +3,7 @@ package httpserver
 import "crypto/tls"

 func getDefaultTLSConfig() *tls.Config {
-	config := &tls.Config{}
+	config := tls.Config{}

 	//Use only modern ciphers
 	config.CipherSuites = []uint16{
@ -17,13 +17,8 @@ func getDefaultTLSConfig() *tls.Config {
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	}

-	//Use only TLS v1.2
-	config.MinVersion = tls.VersionTLS12
-
-	// Ignore client auth for now
-	config.ClientAuth = tls.NoClientCert
-
 	//Don't allow session resumption
 	config.SessionTicketsDisabled = true
-	return config
+	config.ClientAuth = tls.RequireAnyClientCert
+	return &config
 }
--- a/pkg/utils/crypto/signers/signers.go
+++ b/pkg/utils/crypto/signers/signers.go
@ -33,10 +33,10 @@ package signers
 //	return true
 //}
 //
-//func GetAccessID() {
+//func getAccessID() {
 //}
 //
-//func GetSecretID() {
+//func getSecretID() {
 //}
 //
 //// This package implements verification side of Object API Signature request