feat: allow specify multi certs for each vhost

marjune163 · marjune163 · commit 2b0db88103ba · 2022-05-28T23:21:26.000+08:00
diff --git a/src/app/main.go b/src/app/main.go
@@ -73,7 +73,7 @@ func NewApp(params []*param.Param) *App {
 		// init vhost
 		listens := p.Listens
 		if len(listens) == 0 && len(p.ListensPlain) == 0 && len(p.ListensTLS) == 0 {
-			if p.Certificate == nil {
+			if len(p.Certificates) == 0 {
 				listens = []string{":80"}
 			} else {
 				listens = []string{":443"}
@@ -84,7 +84,7 @@ func NewApp(params []*param.Param) *App {
 			Listens:      listens,
 			ListensPlain: p.ListensPlain,
 			ListensTLS:   p.ListensTLS,
-			Cert:         p.Certificate,
+			Certs:        p.Certificates,
 			HostNames:    p.HostNames,
 			Handler:      vhHandler.Handler,
 		})
diff --git a/src/param/cli.go b/src/param/cli.go
@@ -5,7 +5,6 @@ import (
 	"../serverErrHandler"
 	"../util"
 	"../version"
-	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -119,10 +118,10 @@ func init() {
 	err = options.AddFlag("usermatchcase", "--user-match-case", "GHFS_USER_MATCH_CASE", "username should be case sensitive")
 	serverErrHandler.CheckFatal(err)
 
-	err = options.AddFlagsValue("key", []string{"-k", "--key"}, "GHFS_KEY", "", "TLS certificate key path")
+	err = options.AddFlagsValues("certs", []string{"-c", "--cert"}, "GHFS_CERT", nil, "TLS certificate path")
 	serverErrHandler.CheckFatal(err)
 
-	err = options.AddFlagsValue("cert", []string{"-c", "--cert"}, "GHFS_CERT", "", "TLS certificate path")
+	err = options.AddFlagsValues("keys", []string{"-k", "--key"}, "GHFS_KEY", nil, "TLS certificate key path")
 	serverErrHandler.CheckFatal(err)
 
 	err = options.AddFlagsValues("listens", []string{"-l", "--listen"}, "GHFS_LISTEN", nil, "address and port to listen")
@@ -276,18 +275,13 @@ func doParseCli() []*Param {
 		param.GlobalHeaders = entriesToHeaders(globalHeaders)
 
 		// certificate
-		key, _ := result.GetString("key")
-		cert, _ := result.GetString("cert")
-		if len(key) > 0 && len(cert) > 0 {
-			var err error
-			param.Certificate, err = LoadCertificate(cert, key)
-			if err != nil {
-				serverErrHandler.CheckFatal(err)
-			}
-		} else if len(key) > 0 && len(cert) == 0 {
-			serverErrHandler.CheckFatal(errors.New("missing certificate file"))
-		} else if len(key) == 0 && len(cert) > 0 {
-			serverErrHandler.CheckFatal(errors.New("missing certificate key file"))
+		certFiles, _ := result.GetStrings("certs")
+		keyFiles, _ := result.GetStrings("keys")
+		certs, errs := LoadCertificates(certFiles, keyFiles)
+		if len(errs) > 0 {
+			serverErrHandler.CheckFatal(errs...)
+		} else {
+			param.Certificates = certs
 		}
 
 		// normalize aliases
diff --git a/src/param/main.go b/src/param/main.go
@@ -52,7 +52,7 @@ type Param struct {
 	UsersSha512   []*user
 	UserMatchCase bool
 
-	Certificate  *tls.Certificate
+	Certificates []tls.Certificate
 	Listens      []string
 	ListensPlain []string
 	ListensTLS   []string
diff --git a/src/param/objUtil.go b/src/param/objUtil.go
@@ -8,8 +8,8 @@ import (
 	"strings"
 )
 
-func LoadCertificate(certFile, keyFile string) (*tls.Certificate, error) {
-	return goVirtualHost.LoadCertificate(certFile, keyFile)
+func LoadCertificates(certFiles, keyFiles []string) ([]tls.Certificate, []error) {
+	return goVirtualHost.LoadCertificates(certFiles, keyFiles)
 }
 
 func EntriesToUsers(entries []string) []*user {

Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,8 @@ import (`
`8`	`8`	`"strings"`
`9`	`9`	`)`
`10`	`10`
`11`		`-func LoadCertificate(certFile, keyFile string) (*tls.Certificate, error) {`
`12`		`- return goVirtualHost.LoadCertificate(certFile, keyFile)`
	`11`	`+func LoadCertificates(certFiles, keyFiles []string) ([]tls.Certificate, []error) {`
	`12`	`+ return goVirtualHost.LoadCertificates(certFiles, keyFiles)`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`func EntriesToUsers(entries []string) []*user {`