Commit ab3e7d35 authored by Marco Gonzalez Hierro's avatar Marco Gonzalez Hierro

Added support for CA certs and changed default location of certs to /cert/cert.*

parent 1c2449f7
......@@ -40,8 +40,8 @@ File = './logs/edgex-export-distro.log'
[Certificates]
[Certificates.MQTTS]
Cert = 'dummy.crt'
Key = 'dummy.key'
Cert = '/certs/export.crt'
Key = '/certs/export.key'
[Certificates.AWS]
Cert = 'dummy.crt'
......
......@@ -15,6 +15,8 @@ import (
"fmt"
"strconv"
"strings"
"io/ioutil"
"crypto/x509"
MQTT "github.com/eclipse/paho.mqtt.golang"
contract "github.com/edgexfoundry/go-mod-core-contracts/models"
......@@ -41,12 +43,22 @@ func newMqttSender(addr contract.Addressable, cert string, key string) sender {
cert, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
LoggingClient.Error("Failed loading x509 data")
LoggingClient.Error(fmt.Sprintf("Failed loading x509 data: %v", err))
return nil
}
tlsConfig := &tls.Config{
ClientCAs: nil,
// Add support for custom CA
certpool := x509.NewCertPool()
pem, err := ioutil.ReadFile("/certs/ca.pem")
if err != nil {
LoggingClient.Error(fmt.Sprintf("Failed to read client certificate authority: %v", err))
}
if !certpool.AppendCertsFromPEM(pem) {
LoggingClient.Error("Can't parse client certificate authority")
}
tlsConfig := &tls.Config {
ClientCAs: certpool,
InsecureSkipVerify: true,
Certificates: []tls.Certificate{cert},
}
......
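Review bot: The CA pool loaded from `/certs/ca.pem` is assigned to `ClientCAs`, which crypto/tls consults only on the server side, and `InsecureSkipVerify: true` still appears in the config, so this MQTT client would keep accepting any broker certificate and the new CA has no effect on the connection. To have the broker verified against the custom CA, set `RootCAs: certpool,` and drop the `InsecureSkipVerify: true` line. The two new error branches also only log and fall through, unlike the key-pair branch above, which returns nil; once verification is on, a missing or unparsable CA file should stop here too with `return nil`. newMqttSender's body continues outside the hunk, so the rest of the TLS setup is not visible here.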
#!/bin/sh
docker build \
-f cmd/export-distro/Dockerfile \
--label "git_sha=1c2449f73fa961aa7634dfaed45422a7c979d68e" \
-t edgexfoundry/docker-export-distro-go:1c2449f73fa961aa7634dfaed45422a7c979d68e \
-t edgexfoundry/docker-export-distro-go:1.0.0-dev \
-t registry.bda.ikerlan.es/konnektbox/docker-export-distro-go:1.0.0 \
.
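Review bot: The `git_sha` label and the first `-t` tag are hard-coded to 1c2449f73fa961aa7634dfaed45422a7c979d68e, which matches the parent listed for this commit, so an image built from this tree or any later one would carry a provenance label that points at different source. If the script is meant to stay in the repository, compute the value at build time, e.g. `GIT_SHA=$(git rev-parse HEAD)`, then use `--label "git_sha=$GIT_SHA"` and `-t edgexfoundry/docker-export-distro-go:$GIT_SHA`. The fixed `1.0.0` tag for registry.bda.ikerlan.es is similarly mutable, since every rebuild moves it to new content without any visible change in the tag. The file looks like captured Makefile output rather than a hand-written script, which is worth confirming before it is kept.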