Add client certificate fields to the configuration struct

Add relevant logic
1 parent 5eb5959c
Showing with 30 additions and 0 deletions
......@@ -2,6 +2,8 @@ package app
import (
......@@ -45,6 +47,9 @@ type Options struct {
EnableTLS bool `hcl:"enable_tls"`
TLSCrtFile string `hcl:"tls_crt_file"`
TLSKeyFile string `hcl:"tls_key_file"`
EnableClientCertificate bool `hcl:"enable_client_certificate"`
ClientCAFile string `hcl:"client_ca_file"`
EnableClientCertificateVerification bool `hcl:"enable_client_certificate_verification"`
TitleFormat string `hcl:"title_format"`
EnableReconnect bool `hcl:"enable_reconnect"`
ReconnectTime int `hcl:"reconnect_time"`
......@@ -64,6 +69,9 @@ var DefaultOptions = Options{
EnableTLS: false,
TLSCrtFile: "~/.gotty.crt",
TLSKeyFile: "~/.gotty.key",
EnableClientCertificate: false,
ClientCAFile: "~/",
EnableClientCertificateVerification: false,
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
EnableReconnect: false,
ReconnectTime: 10,
......@@ -195,6 +203,28 @@ func (app *App) Run() error {
keyFile := ExpandHomeDir(app.options.TLSKeyFile)
log.Printf("TLS crt file: " + crtFile)
log.Printf("TLS key file: " + keyFile)
if app.options.EnableClientCertificate {
caFile := ExpandHomeDir(app.options.ClientCAFile)
log.Printf("Client CA file: " + caFile)
caCert, err := ioutil.ReadFile(caFile)
if err != nil {
return errors.New("Cannot open CA file " + caFile)
caCertPool := x509.NewCertPool()
if !caCertPool.AppendCertsFromPEM(caCert) {
return errors.New("Cannot parse CA file data in " + caFile)
tlsVerifyPolicy := tls.RequireAnyClientCert
if app.options.EnableClientCertificateVerification {
log.Print("Enabling verification of client certificate")
tlsVerifyPolicy = tls.RequireAndVerifyClientCert
tlsConfig := &tls.Config{
ClientCAs: caCertPool,
ClientAuth: tlsVerifyPolicy,
app.server.TLSConfig = tlsConfig
err = app.server.ListenAndServeTLS(crtFile, keyFile)
} else {
err = app.server.ListenAndServe()
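Review bot: With `enable_client_certificate` on and `enable_client_certificate_verification` left at its default of false, `ClientAuth` is `tls.RequireAnyClientCert`, which demands a certificate during the handshake but does not validate it against `ClientCAs`, so any self-signed certificate is accepted and the CA pool loaded just above has no effect. I would make verification the behaviour of the enable flag itself, `ClientAuth: tls.RequireAndVerifyClientCert,`, or at least set `EnableClientCertificateVerification: true` in `DefaultOptions` so that turning it off is an explicit choice. The `ClientCAFile: "~/"` default expands to a directory, so the `ioutil.ReadFile` call fails unless the operator sets a path, and the returned error drops `err`; appending `+ ": " + err.Error()` to the message would keep the cause. The rest of `Run` lies outside the hunk and the page appears to have dropped closing braces, so this is read from the visible lines only.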