新增客户端证书认证的功能

server/base/cfg.go

@@ -34,29 +34,31 @@ var (
 
 type ServerConfig struct {
 	// LinkAddr      string `json:"link_addr"`
-	Conf              string `json:"conf"`
-	Profile           string `json:"profile"`
-	ProfileName       string `json:"profile_name"`
-	ServerAddr        string `json:"server_addr"`
-	ServerDTLS        bool   `json:"server_dtls"`
-	ServerDTLSAddr    string `json:"server_dtls_addr"`
-	AdvertiseDTLSAddr string `json:"advertise_dtls_addr"`
-	AdminAddr         string `json:"admin_addr"`
-	ProxyProtocol     bool   `json:"proxy_protocol"`
-	DbType            string `json:"db_type"`
-	DbSource          string `json:"db_source"`
-	CertFile          string `json:"cert_file"`
-	CertKey           string `json:"cert_key"`
-	FilesPath         string `json:"files_path"`
-	LogPath           string `json:"log_path"`
-	LogLevel          string `json:"log_level"`
-	HttpServerLog     bool   `json:"http_server_log"`
-	Pprof             bool   `json:"pprof"`
-	Issuer            string `json:"issuer"`
-	AdminUser         string `json:"admin_user"`
-	AdminPass         string `json:"admin_pass"`
-	AdminOtp          string `json:"admin_otp"`
-	JwtSecret         string `json:"jwt_secret"`
+	Conf                string `json:"conf"`
+	Profile             string `json:"profile"`
+	ProfileName         string `json:"profile_name"`
+	ServerAddr          string `json:"server_addr"`
+	ServerDTLS          bool   `json:"server_dtls"`
+	ServerDTLSAddr      string `json:"server_dtls_addr"`
+	AdvertiseDTLSAddr   string `json:"advertise_dtls_addr"`
+	AdminAddr           string `json:"admin_addr"`
+	ProxyProtocol       bool   `json:"proxy_protocol"`
+	DbType              string `json:"db_type"`
+	DbSource            string `json:"db_source"`
+	CertFile            string `json:"cert_file"`
+	CertKey             string `json:"cert_key"`
+	ClientCertCAFile    string `json:"client_ca_file"`
+	ClientCertCAKeyFile string `json:"client_ca_key_file"`
+	FilesPath           string `json:"files_path"`
+	LogPath             string `json:"log_path"`
+	LogLevel            string `json:"log_level"`
+	HttpServerLog       bool   `json:"http_server_log"`
+	Pprof               bool   `json:"pprof"`
+	Issuer              string `json:"issuer"`
+	AdminUser           string `json:"admin_user"`
+	AdminPass           string `json:"admin_pass"`
+	AdminOtp            string `json:"admin_otp"`
+	JwtSecret           string `json:"jwt_secret"`
 
 	LinkMode    string `json:"link_mode"`    // tun tap macvtap ipvtap
 	Ipv4Master  string `json:"ipv4_master"`  // eth0

server/base/config.go

@@ -33,6 +33,8 @@ var configs = []config{
 	{Typ: cfgStr, Name: "db_source", Usage: "数据库source", ValStr: "./conf/anylink.db"},
 	{Typ: cfgStr, Name: "cert_file", Usage: "证书文件", ValStr: "./conf/vpn_cert.pem"},
 	{Typ: cfgStr, Name: "cert_key", Usage: "证书密钥", ValStr: "./conf/vpn_cert.key"},
+	{Typ: cfgStr, Name: "client_ca_file", Usage: "客户端证书CA证书", ValStr: "./conf/client_ca.pem"},
+	{Typ: cfgStr, Name: "client_ca_key_file", Usage: "客户端证书CA密钥", ValStr: "./conf/client_ca.key"},
 	{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
 	{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
 	{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},