Permit multiple authorised certificates per zone.
This commit is contained in:
Solderpunk
parent
a0dacf4bbd
commit
31161cf21c
|
|
@ -20,7 +20,7 @@ type Config struct {
|
|||
MimeOverrides map[string]string
|
||||
CGIPaths []string
|
||||
SCGIPaths map[string]string
|
||||
CertificateZones map[string]string
|
||||
CertificateZones map[string][]string
|
||||
DirectorySort string
|
||||
DirectoryReverse bool
|
||||
DirectoryTitles bool
|
||||
|
|
|
|||
12
handler.go
12
handler.go
|
|
@ -94,16 +94,18 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
|
|||
|
||||
// Check whether this URL is in a certificate zone
|
||||
authorised := true
|
||||
for zone, allowed_fingerprint := range config.CertificateZones {
|
||||
for zone, allowedFingerprints := range config.CertificateZones {
|
||||
matched, err := regexp.Match(zone, []byte(URL.Path))
|
||||
if !matched || err != nil {
|
||||
continue
|
||||
}
|
||||
authorised = false
|
||||
for _, cert := range clientCerts {
|
||||
if getCertFingerprint(cert) == allowed_fingerprint {
|
||||
authorised = true
|
||||
break
|
||||
for _, clientCert := range clientCerts {
|
||||
for _, allowedFingerprint := range allowedFingerprints {
|
||||
if getCertFingerprint(clientCert) == allowedFingerprint {
|
||||
authorised = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue