includes changes from 54e885a
etcd-io#13445 was cherry-picked manually,
but we made some changes to support multiple values for allowed client
and peer URIs.
aneesh1 committed Sep 25, 2024
1 parent bb15433 commit 3a5b637
Showing 1 changed file with 14 additions and 0 deletions.
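--- a/client/pkg/transport/listener.go
+++ b/client/pkg/transport/listener.go
@@ -477,6 +477,20 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 return false
 }
 }
+
+if len(info.AllowedURIs) > 0 {
+verifyCertificate = func(cert *x509.Certificate) bool {
+for _, allowedURI := range info.AllowedURIs {
+for _, uri := range cert.URIs {
+if allowedURI == uri.String() {
+return true
+}
+}
+}
+return false
+}
+}
+
 if verifyCertificate != nil {
 cfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 for _, chains := range verifiedChains {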
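Review bot: The added `if len(info.AllowedURIs) > 0` block assigns `verifyCertificate` outright, so it silently replaces whatever check the block just above it (the one ending in `return false`) installed; with both allow-lists configured, only the URI SAN check would be applied to the peer certificate. The start of baseConfig is outside this hunk, so a guard against combining the options may already exist; if it does not, either return an error for the combination or chain the checks with `prev := verifyCertificate` before the assignment and `if prev != nil && !prev(cert) { return false }` as the first line of the new closure. The match `allowedURI == uri.String()` is an exact comparison against the re-serialised SAN URI, which errs on the side of rejection but is worth a comment such as `// AllowedURIs entries must equal the certificate's URI SAN exactly as url.URL.String() renders it`. The commit changes only listener.go, so a test covering a matching URI, a non-matching URI and a certificate with no URI SANs would help pin the behaviour.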
