Home Explore Help
Sign In
txlyre
/
3x-ui
mirror of https://github.com/MHSanaei/3x-ui
1
0
Fork 0
Files Issues 0 Wiki
Tree: 37c5e0bfd2
Branches Tags
3x-ui
/
internal
/
web
/
web_mtls.go

web_mtls.go 576 B
History Raw

12345678910111213141516171819 
  1. package web
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/tls"
    5. 

  5. 	"crypto/x509"
    6. 

  6. )
    7. 

  7. 

  8. // applyNodeMtls configures the panel listener to request and verify client
    9. 

  9. // certificates against pool. It uses VerifyClientCertIfGiven so browsers (which
    10. 

  10. // present no client cert) keep working; a presented cert that fails to verify
    11. 

  11. // aborts the handshake. With a nil pool the config is left untouched, so the
    12. 

  12. // no-mTLS listener is byte-identical to before.
    13. 

  13. func applyNodeMtls(cfg *tls.Config, pool *x509.CertPool) {
    14. 

  14. 	if pool == nil {
    15. 

  15. 		return
    16. 

  16. 	}
    17. 

  17. 	cfg.ClientAuth = tls.VerifyClientCertIfGiven
    18. 

  18. 	cfg.ClientCAs = pool
    19. 

  19. }
    20.