添加对 BConfig.Listen.ClientAuth 字段的逻辑处理。当指定了该配置时，使用配置的值来作为验证客户端的方式。如果没指定，使用默认值 tls.RequireAndVerifyClientCert

2020-07-30 10:53:30 +08:00 · 2020-07-30 10:53:30 +08:00 · 15e11931fc
parent 7d561607d8
commit 15e11931fc
1 changed files with 7 additions and 2 deletions
--- a/app.go
+++ b/app.go
@ -195,10 +195,15 @@ func (app *App) Run(mws ...MiddleWare) {
 					return
 				}
 				pool.AppendCertsFromPEM(data)
-				app.Server.TLSConfig = &tls.Config{
+				tlsConfig := tls.Config{
 					ClientCAs:  pool,
-					ClientAuth: tls.RequireAndVerifyClientCert,
 				}
+				if string(BConfig.Listen.ClientAuth) != "" {
+					tslConfig.ClientAuth = BConfig.Listen.ClientAuth
+				} else {
+					tslConfig.ClientAuth = tls.RequireAndVerifyClientCert
+				}
+				app.Server.TLSConfig = &tslConfig
 			}
 			if err := app.Server.ListenAndServeTLS(BConfig.Listen.HTTPSCertFile, BConfig.Listen.HTTPSKeyFile); err != nil {
 				logs.Critical("ListenAndServeTLS: ", err)