author | Jakob Borg <jakob@kastelo.net> | 2023-08-23 13:40:38 +0200 |
---|---|---|
committer | Jakob Borg <jakob@kastelo.net> | 2023-08-23 13:43:54 +0200 |
commit | a04cc9500527c36ee3b2f9ffd1ec3f090baf7be4 (patch) | |
tree | 87bcd0b9ba2484f9be33d5d663d82eff288f7926 | |
parent | 480fa4b9159cf363e00717fcf3f2fedef204ebcc (diff) | |
download | syncthing-a04cc9500527c36ee3b2f9ffd1ec3f090baf7be4.tar.gz syncthing-a04cc9500527c36ee3b2f9ffd1ec3f090baf7be4.zip |
cmd/stdiscosrv: Separate HTTPS and replication certificates
-rw-r--r-- | cmd/stdiscosrv/main.go | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/cmd/stdiscosrv/main.go b/cmd/stdiscosrv/main.go index 324f0cf0a..79a63d63a 100644 --- a/cmd/stdiscosrv/main.go +++ b/cmd/stdiscosrv/main.go @@ -74,6 +74,8 @@ func main() { var replicationPeers string var certFile string var keyFile string + var replCertFile string + var replKeyFile string var useHTTP bool var largeDB bool @@ -81,14 +83,16 @@ func main() { log.SetFlags(0) flag.StringVar(&certFile, "cert", "./cert.pem", "Certificate file") + flag.StringVar(&keyFile, "key", "./key.pem", "Key file") flag.StringVar(&dir, "db-dir", "./discovery.db", "Database directory") flag.BoolVar(&debug, "debug", false, "Print debug output") flag.BoolVar(&useHTTP, "http", false, "Listen on HTTP (behind an HTTPS proxy)") flag.StringVar(&listen, "listen", ":8443", "Listen address") - flag.StringVar(&keyFile, "key", "./key.pem", "Key file") flag.StringVar(&metricsListen, "metrics-listen", "", "Metrics listen address") flag.StringVar(&replicationPeers, "replicate", "", "Replication peers, id@address, comma separated") flag.StringVar(&replicationListen, "replication-listen", ":19200", "Replication listen address") + flag.StringVar(&replCertFile, "replication-cert", "", "Certificate file for replication") + flag.StringVar(&replKeyFile, "replication-key", "", "Key file for replication") flag.BoolVar(&largeDB, "large-db", false, "Use larger database settings") showVersion := flag.Bool("version", false, "Show version") flag.Parse() 
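Review bot: The help strings for `-replication-cert` and `-replication-key` in the flag hunk do not say what happens when the flags are left empty. Going by the fallback added later in this commit (`replCert := cert`), replication then reuses the `-cert`/`-key` pair, so the text could read `"Certificate file for replication (default: same as -cert)"` and `"Key file for replication (default: same as -key)"`. Without that, an operator reading `-help` cannot tell whether replication is still running on the public HTTPS key. main's body starts and ends outside the hunk.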
@@ -120,6 +124,16 @@ func main() { devID := protocol.NewDeviceID(cert.Certificate[0]) log.Println("Server device ID is", devID) + replCert := cert + if replCertFile != "" && replKeyFile != "" { + replCert, err = tls.LoadX509KeyPair(replCertFile, replKeyFile) + if err != nil { + log.Fatalln("Failed to load replication keypair:", err) + } + } + replDevID := protocol.NewDeviceID(replCert.Certificate[0]) + log.Println("Replication device ID is", replDevID) + // Parse the replication specs, if any. var allowedReplicationPeers []protocol.DeviceID var replicationDestinations []string @@ -174,14 +188,14 @@ func main() { // Start any replication senders. var repl replicationMultiplexer for _, dst := range replicationDestinations { - rs := newReplicationSender(dst, cert, allowedReplicationPeers) + rs := newReplicationSender(dst, replCert, allowedReplicationPeers) main.Add(rs) repl = append(repl, rs) } // If we have replication configured, start the replication listener. if len(allowedReplicationPeers) > 0 { - rl := newReplicationListener(replicationListen, cert, allowedReplicationPeers, db) + rl := newReplicationListener(replicationListen, replCert, allowedReplicationPeers, db) main.Add(rl) } |
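Review bot: The condition `if replCertFile != "" && replKeyFile != ""` in the keypair-loading hunk silently ignores a half-specified pair, so a mistyped or forgotten `-replication-key` leaves replication on the HTTPS keypair with no error. Since the commit's purpose is to keep the two keys separate, a partial pair should be fatal, for example `if (replCertFile == "") != (replKeyFile == "") { log.Fatalln("Both -replication-cert and -replication-key must be set") }` placed before the load. The "Replication device ID is" line is printed in both cases, so the fallback is only visible by comparing it with the server device ID. main's body starts and ends outside the hunk.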