cmd/stdiscosrv: Separate HTTPS and replication certificates

This commit is contained in:
Jakob Borg 2023-08-23 13:40:38 +02:00
parent 480fa4b915
commit a04cc95005
1 changed files with 17 additions and 3 deletions


@ -74,6 +74,8 @@ func main() {
var replicationPeers string var replicationPeers string
var certFile string var certFile string
var keyFile string var keyFile string
var replCertFile string
var replKeyFile string
var useHTTP bool var useHTTP bool
var largeDB bool var largeDB bool
@ -81,14 +83,16 @@ func main() {
log.SetFlags(0) log.SetFlags(0)
flag.StringVar(&certFile, "cert", "./cert.pem", "Certificate file") flag.StringVar(&certFile, "cert", "./cert.pem", "Certificate file")
flag.StringVar(&keyFile, "key", "./key.pem", "Key file")
flag.StringVar(&dir, "db-dir", "./discovery.db", "Database directory") flag.StringVar(&dir, "db-dir", "./discovery.db", "Database directory")
flag.BoolVar(&debug, "debug", false, "Print debug output") flag.BoolVar(&debug, "debug", false, "Print debug output")
flag.BoolVar(&useHTTP, "http", false, "Listen on HTTP (behind an HTTPS proxy)") flag.BoolVar(&useHTTP, "http", false, "Listen on HTTP (behind an HTTPS proxy)")
flag.StringVar(&listen, "listen", ":8443", "Listen address") flag.StringVar(&listen, "listen", ":8443", "Listen address")
flag.StringVar(&keyFile, "key", "./key.pem", "Key file")
flag.StringVar(&metricsListen, "metrics-listen", "", "Metrics listen address") flag.StringVar(&metricsListen, "metrics-listen", "", "Metrics listen address")
flag.StringVar(&replicationPeers, "replicate", "", "Replication peers, id@address, comma separated") flag.StringVar(&replicationPeers, "replicate", "", "Replication peers, id@address, comma separated")
flag.StringVar(&replicationListen, "replication-listen", ":19200", "Replication listen address") flag.StringVar(&replicationListen, "replication-listen", ":19200", "Replication listen address")
flag.StringVar(&replCertFile, "replication-cert", "", "Certificate file for replication")
flag.StringVar(&replKeyFile, "replication-key", "", "Key file for replication")
flag.BoolVar(&largeDB, "large-db", false, "Use larger database settings") flag.BoolVar(&largeDB, "large-db", false, "Use larger database settings")
showVersion := flag.Bool("version", false, "Show version") showVersion := flag.Bool("version", false, "Show version")
flag.Parse() flag.Parse()
@ -120,6 +124,16 @@ func main() {
devID := protocol.NewDeviceID(cert.Certificate[0]) devID := protocol.NewDeviceID(cert.Certificate[0])
log.Println("Server device ID is", devID) log.Println("Server device ID is", devID)
replCert := cert
if replCertFile != "" && replKeyFile != "" {
replCert, err = tls.LoadX509KeyPair(replCertFile, replKeyFile)
if err != nil {
log.Fatalln("Failed to load replication keypair:", err)
}
}
replDevID := protocol.NewDeviceID(replCert.Certificate[0])
log.Println("Replication device ID is", replDevID)
// Parse the replication specs, if any. // Parse the replication specs, if any.
var allowedReplicationPeers []protocol.DeviceID var allowedReplicationPeers []protocol.DeviceID
var replicationDestinations []string var replicationDestinations []string
@ -174,14 +188,14 @@ func main() {
// Start any replication senders. // Start any replication senders.
var repl replicationMultiplexer var repl replicationMultiplexer
for _, dst := range replicationDestinations { for _, dst := range replicationDestinations {
rs := newReplicationSender(dst, cert, allowedReplicationPeers) rs := newReplicationSender(dst, replCert, allowedReplicationPeers)
main.Add(rs) main.Add(rs)
repl = append(repl, rs) repl = append(repl, rs)
} }
// If we have replication configured, start the replication listener. // If we have replication configured, start the replication listener.
if len(allowedReplicationPeers) > 0 { if len(allowedReplicationPeers) > 0 {
rl := newReplicationListener(replicationListen, cert, allowedReplicationPeers, db) rl := newReplicationListener(replicationListen, replCert, allowedReplicationPeers, db)
main.Add(rl) main.Add(rl)
} }
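Review bot: In the third hunk, the guard `if replCertFile != "" && replKeyFile != ""` makes a half-configured pair (only `-replication-cert` or only `-replication-key` given) silently fall back to the HTTPS keypair, so the replication identity announced to peers is not the one the operator intended and only the "Replication device ID" log line hints at it. Since peers are admitted by device ID derived from the certificate, a misconfiguration here should fail loudly rather than degrade: add before the existing guard `if (replCertFile == "") != (replKeyFile == "") { log.Fatalln("-replication-cert and -replication-key must be given together") }`. The flag help strings added in the second hunk also do not mention the fallback; `"Certificate file for replication (defaults to -cert)"` and `"Key file for replication (defaults to -key)"` would make the behaviour discoverable from `-help`. The assignment `replCert, err = tls.LoadX509KeyPair(...)` appears to reuse an `err` declared earlier in main, which starts before and ends after these hunks, so I could not confirm it is in scope.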