# SSLCACertificateFile "/path/to/root.pem"
# SSLCertificateFile "/path/to/client.pem"
# SSLCertificateKeyFile "/path/to/client.key"
+# VerifyPeer true
# </Listen>
#</Plugin>
Filenames specifying SSL certificate and key material to be used with SSL
connections.
+=item B<VerifyPeer> B<true>|B<false>
+
+When enabled, a valid client certificate is required to connect to the server.
+When disabled, a client certifiacte is not requested and any unsolicited client
+certificate is accepted.
+Enabled by default.
+
=back
=back
listener.port = grpc::string(ci->values[1].value.string);
listener.ssl = nullptr;
- auto ssl_opts = new (grpc::SslServerCredentialsOptions);
+ auto ssl_opts = new grpc::SslServerCredentialsOptions(
+ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {};
bool use_ssl = false;
return -1;
}
pkcp.cert_chain = read_file(cert);
+ } else if (!strcasecmp("VerifyPeer", child->key)) {
+ _Bool verify = 0;
+ if (cf_util_get_boolean(child, &verify)) {
+ return -1;
+ }
+ ssl_opts->client_certificate_request =
+ verify ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
+ : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
} else {
WARNING("grpc: Option `%s` not allowed in <%s> block.", child->key,
ci->key);
projects / collectd.git / commitdiff