From b015ab8f06f8fc72c827af4388428949cec8a5c6 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 19 Oct 2023 10:46:31 +0200
Subject: [PATCH] Make client certificate optional
---
 arbnode/dataposter/data_poster.go | 19 +++++++++++--------
 arbnode/dataposter/dataposter_test.go | 2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/arbnode/dataposter/data_poster.go b/arbnode/dataposter/data_poster.go
index 39fda3f2ac..687b26ba26 100644
--- a/arbnode/dataposter/data_poster.go
+++ b/arbnode/dataposter/data_poster.go
@@ -175,15 +175,18 @@ func NewDataPoster(ctx context.Context, opts *DataPosterOpts) (*DataPoster, erro
 }
 func rpcClient(ctx context.Context, opts *ExternalSignerCfg) (*rpc.Client, error) {
- clientCert, err := tls.LoadX509KeyPair(opts.ClientCert, opts.ClientPrivateKey)
- if err != nil {
- return nil, fmt.Errorf("error loading client certificate and private key: %w", err)
+ tlsCfg := &tls.Config{
+ MinVersion: tls.VersionTLS12,
 }
- tlsCfg := &tls.Config{
- MinVersion: tls.VersionTLS12,
- Certificates: []tls.Certificate{clientCert},
+ if opts.ClientCert == "" || opts.ClientPrivateKey == "" {
+ clientCert, err := tls.LoadX509KeyPair(opts.ClientCert, opts.ClientPrivateKey)
+ if err != nil {
+ return nil, fmt.Errorf("error loading client certificate and private key: %w", err)
+ }
+ tlsCfg.Certificates = []tls.Certificate{clientCert}
 }
+
 if opts.RootCA != "" {
 rootCrt, err := os.ReadFile(opts.RootCA)
 if err != nil {
@@ -756,9 +759,9 @@ type ExternalSignerCfg struct {
 // (Optional) Path to the external signer root CA certificate.
 // This allows us to use self-signed certificats on the external signer.
 RootCA string `koanf:"root-ca"`
- // Client certificate for mtls.
+ // (Optional) Client certificate for mtls.
 ClientCert string `koanf:"client-cert"`
- // Client certificate key for mtls.
+ // (Optional) Client certificate key for mtls.
 ClientPrivateKey string `koanf:"client-private-key"`
 }
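Review bot: The new guard in rpcClient (first hunk of data_poster.go), `if opts.ClientCert == "" || opts.ClientPrivateKey == "" {`, is inverted: `tls.LoadX509KeyPair` runs only when at least one path is empty and is skipped when both are configured. As written, an operator who sets both `client-cert` and `client-private-key` gets a `tls.Config` with no `Certificates`, so mTLS to the external signer is silently not offered, while leaving them unset presumably fails on loading an empty path. The condition should read `if opts.ClientCert != "" && opts.ClientPrivateKey != "" {`. It would also be safer to return an error when exactly one of the two fields is set, since that is almost certainly a misconfiguration rather than a request to run without a client certificate. rpcClient's body continues outside the hunk.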
diff --git a/arbnode/dataposter/dataposter_test.go b/arbnode/dataposter/dataposter_test.go
index 4734295ae8..d4d72bbbf4 100644
--- a/arbnode/dataposter/dataposter_test.go
+++ b/arbnode/dataposter/dataposter_test.go
@@ -136,7 +136,7 @@ func newServer(ctx context.Context, t *testing.T) (*http.Server, *server) {
 clientCert, err := os.ReadFile("./testdata/client.crt")
 if err != nil {
- panic(err)
+ t.Fatalf("Error reading client certificate: %v", err)
 }
 pool := x509.NewCertPool()
 pool.AppendCertsFromPEM(clientCert)
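Review bot: Nothing in this test hunk exercises the behaviour the commit introduces, a signer configuration with `ClientCert` and `ClientPrivateKey` left empty; the only change here is `panic(err)` becoming `t.Fatalf(...)`. A case that builds the client once with both fields set and once with both empty, and checks that the connection to the server from `newServer` succeeds or is rejected as the server's client-certificate policy requires, would pin down when a client certificate is actually presented. Such a test may already exist elsewhere in the file; newServer's body continues outside the hunk.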