新增客户端证书认证的功能

2025-09-11 21:26:56 +08:00 · 2025-08-19 20:27:41 +08:00
parent 315e1deadc
commit 118fcb3b60
13 changed files with 1089 additions and 284 deletions
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -66,6 +66,8 @@ func startTls() {
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
+		ClientAuth:   tls.VerifyClientCertIfGiven, // 验证客户端证书
+		ClientCAs:    dbdata.LoadClientCAPool(),   // 加载客户端CA证书
 		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			base.Trace("GetCertificate ServerName", chi.ServerName)
 			return dbdata.GetCertificateBySNI(chi.ServerName)