gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-14 10:10:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
2,517 Commits 30 Branches 48 Tags
aff10aa16b0cd4c40dcafe4eb366770fd41d64cd
Commit Graph

3 Commits

Author SHA1 Message Date
Waldemar Quevedo
4846b5ad6c Support for TLS certs based auth for gateways 
When enabling verify and map as part of its TLS config
a the subject from TLS cert can now be used to confirm
the identity of a gateway.

```
gateway {
  tls {
    cert_file = "./configs/certs/tlsauth/server.pem"
    key_file = "./configs/certs/tlsauth/server-key.pem"
    ca_file = "./configs/certs/tlsauth/ca.pem"
    verify_and_map = true
    timeout = 2
  }

  authorization {
    user = "CN=localhost,OU=NATS.io Operators"
  }
}
```

Signed-off-by: Waldemar Quevedo <wally@synadia.com>
 2019-02-18 21:48:06 -08:00
Waldemar Quevedo
01057467cf Support TLS based auth for routes 
Similar as with clients, this makes it possible to
use the subject from a TLS certificate to validate
the permissions from a cluster member.

Currently only a single configured user is supported:

```
cluster {
  tls {
    cert_file = "./configs/certs/tlsauth/server.pem"
    key_file = "./configs/certs/tlsauth/server-key.pem"
    ca_file = "./configs/certs/tlsauth/ca.pem"
    verify_and_map = true
    timeout = 2
  }

  permissions {
    publish {
  	allow = ["public.>"]
    }
    subscribe {
  	allow = ["public.>"]
    }
  }

  authorization {
    user = "CN=localhost,OU=NATS.io Operators"
  }
}
```

Signed-off-by: Waldemar Quevedo <wally@synadia.com>
 2019-02-18 17:12:09 -08:00
Waldemar Quevedo
7645d95c18 Support using TLS cert subject to auth user 
Signed-off-by: Waldemar Quevedo <wally@synadia.com>
 2019-02-06 12:36:03 -08:00