28 lines
846 B
Go
28 lines
846 B
Go
package apiserver
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
func getTLSAuthType(authType string) (tls.ClientAuthType, error) {
|
|
switch authType {
|
|
case "NoClientCert":
|
|
return tls.NoClientCert, nil
|
|
case "RequestClientCert":
|
|
log.Warn("RequestClientCert is insecure, please use VerifyClientCertIfGiven or RequireAndVerifyClientCert instead")
|
|
return tls.RequestClientCert, nil
|
|
case "RequireAnyClientCert":
|
|
log.Warn("RequireAnyClientCert is insecure, please use VerifyClientCertIfGiven or RequireAndVerifyClientCert instead")
|
|
return tls.RequireAnyClientCert, nil
|
|
case "VerifyClientCertIfGiven":
|
|
return tls.VerifyClientCertIfGiven, nil
|
|
case "RequireAndVerifyClientCert":
|
|
return tls.RequireAndVerifyClientCert, nil
|
|
default:
|
|
return 0, fmt.Errorf("unknown TLS client_verification value: %s", authType)
|
|
}
|
|
}
|