Skip to content

F
frp

企猫商务 / frp
与 Fork 源项目一致

从无法访问的项目Fork

通知 3
Star 0
Fork 0
F
frp

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 1e420cc7 编写于 作者: F fatedier
浏览文件
操作

update tls

上级 4fff3c74
隐藏空白更改
内联 并排
Showing with 14 addition and 12 deletion
conf/frpc_full.ini
浏览文件 @ 1e420cc7
...@@ -52,6 +52,10 @@ protocol = tcp ...@@ -52,6 +52,10 @@ protocol = tcp
# if tls_enable is true, frpc will connect frps by tls # if tls_enable is true, frpc will connect frps by tls
tls_enable = true tls_enable = true
# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# specify a dns server, so frpc will use this instead of default one # specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8 # dns_server = 8.8.8.8
......
conf/frps_full.ini
浏览文件 @ 1e420cc7
...@@ -103,6 +103,10 @@ max_ports_per_client = 0 ...@@ -103,6 +103,10 @@ max_ports_per_client = 0
# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false. # TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false tls_only = false
# tls_cert_file = server.crt
# tls_key_file = server.key
# tls_trusted_ca_file = ca.crt
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com # when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com subdomain_host = frps.com
......
models/config/client_common.go
浏览文件 @ 1e420cc7
...@@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) { ...@@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
if cfg.TLSEnable == false { if cfg.TLSEnable == false {
if cfg.TLSCertFile != "" { if cfg.TLSCertFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense") fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
} }
if cfg.TLSKeyFile != "" { if cfg.TLSKeyFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense") fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
} }
if cfg.TLSTrustedCaFile != "" { if cfg.TLSTrustedCaFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense") fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
} }
} }
return return
} }
models/config/server_common.go
浏览文件 @ 1e420cc7
...@@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error ...@@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok { if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
cfg.TLSTrustedCaFile = tmpStr cfg.TLSTrustedCaFile = tmpStr
cfg.TLSOnly = true
} }
return return
...@@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) { ...@@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
} }
} }
func (cfg *ServerCommonConf) Check() (err error) { func (cfg *ServerCommonConf) Check() error {
if cfg.TLSOnly == false { return nil
if cfg.TLSTrustedCaFile != "" {
err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
return
}
}
return
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册