Permit multiple authorised certificates per zone.
parent
a0dacf4bbd
commit
31161cf21c
|
@ -20,7 +20,7 @@ type Config struct {
|
||||||
MimeOverrides map[string]string
|
MimeOverrides map[string]string
|
||||||
CGIPaths []string
|
CGIPaths []string
|
||||||
SCGIPaths map[string]string
|
SCGIPaths map[string]string
|
||||||
CertificateZones map[string]string
|
CertificateZones map[string][]string
|
||||||
DirectorySort string
|
DirectorySort string
|
||||||
DirectoryReverse bool
|
DirectoryReverse bool
|
||||||
DirectoryTitles bool
|
DirectoryTitles bool
|
||||||
|
|
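Review bot: `CertificateZones` has no comment, and after this change the shape of its value carries access-control meaning that a reader of the struct cannot see. A comment such as `// CertificateZones maps a path regexp to the client certificate fingerprints accepted in that zone; an empty list denies everyone.` would record it, which matches how handler.go consumes the field. Configuration files that give a single string per zone will presumably stop decoding into the new `map[string][]string` type; the loader is not visible here, so that needs checking before release. The Config struct begins and ends outside this hunk.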
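--- a/handler.go
+++ b/handler.go
@@ -94,16 +94,18 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
 
 // Check whether this URL is in a certificate zone
 authorised := true
-for zone, allowed_fingerprint := range config.CertificateZones {
+for zone, allowedFingerprints := range config.CertificateZones {
 matched, err := regexp.Match(zone, []byte(URL.Path))
 if !matched || err != nil {
 continue
 }
 authorised = false
-for _, cert := range clientCerts {
-if getCertFingerprint(cert) == allowed_fingerprint {
-authorised = true
-break
+for _, clientCert := range clientCerts {
+for _, allowedFingerprint := range allowedFingerprints {
+if getCertFingerprint(clientCert) == allowedFingerprint {
+authorised = true
+break
+}
 }
 }
 }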
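Review bot: The zone loop overwrites `authorised` for every matching zone, so for a path that matches two overlapping zones the decision is whichever zone Go's unordered iteration over `config.CertificateZones` visits last, and the same request can be allowed on one run and refused on the next. Evaluating each matching zone on its own and refusing as soon as one of them has no accepted fingerprint (sketched below; requiring every matching zone is my reading of the intent, the point is that the rule is fixed) removes the dependence on iteration order, and the labelled break also stops the `clientCerts` loop that the new inner `break` no longer leaves. Separately, `if !matched || err != nil { continue }` treats a zone pattern that fails to compile as "not in this zone", which leaves that zone unprotected without any log line; compiling the patterns once at startup and refusing to start on error would fail closed. handleGeminiRequest begins before and continues after this hunk.

```go
for zone, allowedFingerprints := range config.CertificateZones {
	// … unchanged: regexp.Match on URL.Path, continue when the zone does not match …
	zoneOK := false
certs:
	for _, clientCert := range clientCerts {
		fingerprint := getCertFingerprint(clientCert)
		for _, allowedFingerprint := range allowedFingerprints {
			if fingerprint == allowedFingerprint {
				zoneOK = true
				break certs
			}
		}
	}
	if !zoneOK {
		// A matching zone with no accepted certificate denies the request outright.
		authorised = false
		break
	}
}
```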