From a538255034694b5353a448c342114ff8a44cc9e0 Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Fri, 23 Sep 2022 17:49:42 +0200
Subject: [PATCH] httpclient: add leaf certificates

Signed-off-by: Nicola Murino
---
 go.mod                            |  6 +++---
 go.sum                            | 12 ++++++------
 internal/httpclient/httpclient.go | 16 +++++++++++-----
 templates/webclient/files.html    |  3 +--
 4 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index cae7bab0..9f1f9f9d 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/drakkan/sftpgo/v2
 go 1.19
 
 require (
-	cloud.google.com/go/storage v1.26.0
+	cloud.google.com/go/storage v1.27.0
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.3
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
 	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
@@ -20,7 +20,7 @@ require (
 	github.com/cockroachdb/cockroach-go/v2 v2.2.16
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001
-	github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6
+	github.com/fclairamb/ftpserverlib v0.20.0
 	github.com/fclairamb/go-log v0.4.1
 	github.com/go-acme/lego/v4 v4.8.0
 	github.com/go-chi/chi/v5 v5.0.8-0.20220512131524-9e71a0d4b3d6
@@ -69,7 +69,7 @@ require (
 	golang.org/x/net v0.0.0-20220909164309-bea034e7d591
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
 	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
-	golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45
+	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af
 	google.golang.org/api v0.97.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
diff --git a/go.sum b/go.sum
index 35b61a36..93c1a9b1 100644
--- a/go.sum
+++ b/go.sum
@@ -76,8 +76,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA=
 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
-cloud.google.com/go/storage v1.26.0 h1:lYAGjknyDJirSzfwUlkv4Nsnj7od7foxQNH/fqZqles=
-cloud.google.com/go/storage v1.26.0/go.mod h1:mk/N7YwIKEWyTvXAWQCIeiCTdLoRH6Pd5xmSnolQLTI=
+cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ=
+cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
 cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A=
 cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM=
 contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA=
@@ -284,8 +284,8 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6 h1:WdhM0yDKdtSD+cqWHAMLMTwvUvmzy36eI3Ow8emZmn0=
-github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6/go.mod h1:7pR5Ckeygw3T006z1ND6HYSbJz+fTvkFAXlF6snW4yI=
+github.com/fclairamb/ftpserverlib v0.20.0 h1:9NjQPxo3T0XQCyzSXZJ0XBH4mk4Qv4Lpw3GNVabvnpU=
+github.com/fclairamb/ftpserverlib v0.20.0/go.mod h1:7pR5Ckeygw3T006z1ND6HYSbJz+fTvkFAXlF6snW4yI=
 github.com/fclairamb/go-log v0.4.1 h1:rLtdSG9x2pK41AIAnE8WYpl05xBJfw1ZyYxZaXFcBsM=
 github.com/fclairamb/go-log v0.4.1/go.mod h1:sw1KvnkZ4wKCYkvy4SL3qVZcJSWFP8Ure4pM3z+KNn4=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -1000,8 +1000,8 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
-golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
+golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
diff --git a/internal/httpclient/httpclient.go b/internal/httpclient/httpclient.go
index 593443e3..6d9aca0a 100644
--- a/internal/httpclient/httpclient.go
+++ b/internal/httpclient/httpclient.go
@@ -74,7 +74,6 @@ type Config struct {
 	// Headers defines a list of http headers to add to each request
 	Headers []Header `json:"headers" mapstructure:"headers"`
 	customTransport *http.Transport
-	tlsConfig *tls.Config
 }
 
 const logSender = "httpclient"
@@ -83,6 +82,9 @@ var httpConfig Config
 
 // Initialize configures HTTP clients
 func (c *Config) Initialize(configDir string) error {
+	if c.Timeout <= 0 {
+		return fmt.Errorf("invalid timeout: %v", c.Timeout)
+	}
 	rootCAs, err := c.loadCACerts(configDir)
 	if err != nil {
 		return err
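Review bot: The new guard at the top of Initialize rejects a non-positive Timeout but still lets NaN through, because `NaN <= 0` is false, and a NaN or +Inf value then reaches `time.Duration(httpConfig.Timeout * float64(time.Second))` in GetHTTPClient, where the float-to-integer conversion is implementation-defined rather than an error. If the value can arrive from an untyped source such as an environment variable (strconv.ParseFloat accepts "NaN" and "Inf"), tighten the check to `if !(c.Timeout > 0) || math.IsInf(c.Timeout, 1) {` and add the `math` import. The retry settings read in GetRetraybleHTTPClient (RetryWaitMin, RetryWaitMax) get no validation here either; unless that happens elsewhere, a negative or inverted pair would presumably collapse the backoff into a tight retry loop against the remote service. Initialize's body continues past the end of the hunk.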
@@ -98,7 +100,6 @@ func (c *Config) Initialize(configDir string) error {
 	}
 	customTransport.TLSClientConfig.InsecureSkipVerify = c.SkipTLSVerify
 	c.customTransport = customTransport
-	c.tlsConfig = customTransport.TLSClientConfig
 
 	err = c.loadCertificates(configDir)
 	if err != nil {
@@ -170,13 +171,18 @@ func (c *Config) loadCertificates(configDir string) error {
 		if err != nil {
 			return fmt.Errorf("unable to load key pair %#v, %#v: %v", cert, key, err)
 		}
+		x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
+		if err == nil {
+			logger.Debug(logSender, "", "adding leaf certificate for key pair %q, %q", cert, key)
+			tlsCert.Leaf = x509Cert
+		}
 		logger.Debug(logSender, "", "client certificate %#v and key %#v successfully loaded", cert, key)
-		c.tlsConfig.Certificates = append(c.tlsConfig.Certificates, tlsCert)
+		c.customTransport.TLSClientConfig.Certificates = append(c.customTransport.TLSClientConfig.Certificates, tlsCert)
 	}
 	return nil
 }
 
-// GetHTTPClient returns an HTTP client with the configured parameters
+// GetHTTPClient returns a new HTTP client with the configured parameters
 func GetHTTPClient() *http.Client {
 	return &http.Client{
 		Timeout: time.Duration(httpConfig.Timeout * float64(time.Second)),
@@ -189,7 +195,7 @@ func GetHTTPClient() *http.Client {
 func GetRetraybleHTTPClient() *retryablehttp.Client {
 	client := retryablehttp.NewClient()
 	client.HTTPClient.Timeout = time.Duration(httpConfig.Timeout * float64(time.Second))
-	client.HTTPClient.Transport.(*http.Transport).TLSClientConfig = httpConfig.tlsConfig
+	client.HTTPClient.Transport.(*http.Transport).TLSClientConfig = httpConfig.customTransport.TLSClientConfig
 	client.Logger = &logger.LeveledLogger{Sender: "RetryableHTTPClient"}
 	client.RetryWaitMin = time.Duration(httpConfig.RetryWaitMin) * time.Second
 	client.RetryWaitMax = time.Duration(httpConfig.RetryWaitMax) * time.Second
diff --git a/templates/webclient/files.html b/templates/webclient/files.html
index 38c59cc6..0f7835d2 100644
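Review bot: A failed `x509.ParseCertificate` on the new lines in loadCertificates is dropped without a trace: the key pair is still appended with a nil Leaf and nothing is logged, so an operator would never learn why a client certificate is handled differently from the others. Add an else branch mirroring the debug line that follows, e.g. `logger.Debug(logSender, "", "unable to parse leaf certificate for key pair %q, %q: %v", cert, key, err)`. Indexing `tlsCert.Certificate[0]` is safe here, since tls.LoadX509KeyPair returns an error when it finds no certificate block. The two adjacent debug messages format the same paths once with `%q` and once with `%#v`; settle on one. The for loop enclosing these lines starts before the hunk.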
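Review bot: The assignment on the new line in GetRetraybleHTTPClient hands the retryable client's transport the very same `*tls.Config` pointer that `httpConfig.customTransport` already uses, so two http.Transports now share one mutable config; as far as I recall, http.Transport's HTTP/2 setup appends "h2" to `TLSClientConfig.NextProtos` on the config it is given, which makes a shared pointer a potential data race between the two transports when they first dial. Give the retryable transport its own copy: `client.HTTPClient.Transport.(*http.Transport).TLSClientConfig = httpConfig.customTransport.TLSClientConfig.Clone()`. Clone copies the Certificates and RootCAs references rather than their contents, which is fine because loadCertificates is the only writer and runs during Initialize. GetRetraybleHTTPClient continues past the end of the hunk.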
--- a/templates/webclient/files.html
+++ b/templates/webclient/files.html
@@ -1039,9 +1039,8 @@ along with this program. If not, see .
                 case "bmp":
                 case "svg":
                 case "ico":
-                    var view_url = row['url']+"&inline=1";
                     var title = escapeHTMLForceSafe(row["name"])
-                    return ``;
+                    return ``;
                 case "mp4":
                 case "mov":
                     var name = b64EncodeUnicode(row["name"]);