Commit ab2e3020 authored by Levin Zimmermann's avatar Levin Zimmermann Committed by Kirill Smelkov

go/neo: Expand user prefix in TLS key/cert paths

This patch fixes a discrepancy between NEO/py and NEO/go: NEO/py expands
the '~' and the '~username' prefix in the file path of the TLS
certificate/key files [1]. This syntax is used in NEO/py SlapOS SR [2].
We need to fix this discrepancy in NEO/go in order to use TLS encryption
with NEO + WCFS.

[1] https://lab.nexedi.com/nexedi/neoppod/blob/7c539f0f/neo/lib/config.py#L149
and https://lab.nexedi.com/nexedi/neoppod/blob/fa63d856/neo/lib/app.py#L25-31

[2] https://lab.nexedi.com/nexedi/slapos/blob/397726e1/stack/erp5/instance-zodb-base.cfg.in#L18-20
and https://lab.nexedi.com/nexedi/slapos/blob/a8150a1a/software/neoppod/instance-neo-input-schema.json#L62

/reviewed-by @kirr
/reviewed-on kirr/neo!1
parent 1b74100e
// Copyright (C) 2018-2020 Nexedi SA and Contributors. // Copyright (C) 2018-2023 Nexedi SA and Contributors.
// Kirill Smelkov <kirr@nexedi.com> // Kirill Smelkov <kirr@nexedi.com>
// //
// This program is free software: you can Use, Study, Modify and Redistribute // This program is free software: you can Use, Study, Modify and Redistribute
...@@ -30,6 +30,7 @@ import ( ...@@ -30,6 +30,7 @@ import (
"lab.nexedi.com/kirr/go123/xnet/lonet" "lab.nexedi.com/kirr/go123/xnet/lonet"
"lab.nexedi.com/kirr/go123/xstrings" "lab.nexedi.com/kirr/go123/xstrings"
"lab.nexedi.com/kirr/neo/go/neo/internal/xpath/xfilepath"
"lab.nexedi.com/kirr/neo/go/neo/internal/xtls" "lab.nexedi.com/kirr/neo/go/neo/internal/xtls"
) )
...@@ -93,7 +94,10 @@ func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) { ...@@ -93,7 +94,10 @@ func Join(ctx context.Context, cfg Config) (net xnet.Networker, err error) {
} }
if ssl { if ssl {
tlsCfg, err := xtls.ConfigForP2P(cfg.CA, cfg.Cert, cfg.Key) xu := xfilepath.ExpandUser // Expand user for compatibility with NEO/py:
// https://lab.nexedi.com/nexedi/neoppod/blob/d5afef8e/neo/lib/config.py#L149
// https://lab.nexedi.com/nexedi/neoppod/blob/d5afef8e/neo/lib/app.py#L25-31
tlsCfg, err := xtls.ConfigForP2P(xu(cfg.CA), xu(cfg.Cert), xu(cfg.Key))
if err != nil { if err != nil {
return nil, err return nil, err
} }
......
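Review bot: A failed user expansion cannot be reported at `xtls.ConfigForP2P(xu(cfg.CA), xu(cfg.Cert), xu(cfg.Key))`, because `xfilepath.ExpandUser` is used there as a single-value expression. What it returns for an unknown `~username` or an unresolvable home directory is not visible in this hunk. If it hands the input back unchanged, a path still starting with `~` would be opened relative to the working directory, which matters most for `cfg.CA` since that file is the trust anchor. Consider expanding into locals first and rejecting leftovers, e.g. `ca := xu(cfg.CA)` followed by `if strings.HasPrefix(ca, "~") { return nil, fmt.Errorf("tls: cannot expand user in %q", cfg.CA) }`, and likewise for cert and key (whether `strings` and `fmt` are already imported is not visible here). The body of Join starts and ends outside the hunk.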