Support for TLS client certificate authentication

This adds --tls-client-cert and --tls-client-key parameters and enables use
of that certificate/key pair when connecting to https servers.
Bryce Chidester
2017-12-29 19:51:13 -08:00
committed by Alexander Neumann
parent e706f1a8d1
commit e805b968b1
9 changed files with 68 additions and 44 deletions


@@ -39,15 +39,17 @@ var version = "compiled manually"
// GlobalOptions hold all global options for restic.
type GlobalOptions struct {
Repo string
PasswordFile string
Quiet bool
NoLock bool
JSON bool
CacheDir string
NoCache bool
CACerts []string
CleanupCache bool
Repo string
PasswordFile string
Quiet bool
NoLock bool
JSON bool
CacheDir string
NoCache bool
CACerts []string
TLSClientCert string
TLSClientKey string
CleanupCache bool
LimitUploadKb int
LimitDownloadKb int
@@ -84,6 +86,8 @@ func init() {
f.StringVar(&globalOptions.CacheDir, "cache-dir", "", "set the cache directory")
f.BoolVar(&globalOptions.NoCache, "no-cache", false, "do not use a local cache")
f.StringSliceVar(&globalOptions.CACerts, "cacert", nil, "path to load root certificates from (default: use system certificates)")
f.StringVar(&globalOptions.TLSClientCert, "tls-client-cert", "", "path to a TLS client certificate")
f.StringVar(&globalOptions.TLSClientKey, "tls-client-key", "", "path to a TLS client certificate key")
f.BoolVar(&globalOptions.CleanupCache, "cleanup-cache", false, "auto remove old cache directories")
f.IntVar(&globalOptions.LimitUploadKb, "limit-upload", 0, "limits uploads to a maximum rate in KiB/s. (default: unlimited)")
f.IntVar(&globalOptions.LimitDownloadKb, "limit-download", 0, "limits downloads to a maximum rate in KiB/s. (default: unlimited)")
@@ -541,7 +545,7 @@ func open(s string, gopts GlobalOptions, opts options.Options) (restic.Backend,
return nil, err
}
rt, err := backend.Transport(globalOptions.CACerts)
rt, err := backend.Transport(globalOptions.CACerts, globalOptions.TLSClientCert, globalOptions.TLSClientKey)
if err != nil {
return nil, err
}
@@ -605,7 +609,7 @@ func create(s string, opts options.Options) (restic.Backend, error) {
return nil, err
}
rt, err := backend.Transport(globalOptions.CACerts)
rt, err := backend.Transport(globalOptions.CACerts, globalOptions.TLSClientCert, globalOptions.TLSClientKey)
if err != nil {
return nil, err
}
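Review bot: Nothing in the `open` and `create` hunks checks that `--tls-client-cert` and `--tls-client-key` were given together before both values are handed to `backend.Transport`. Whether `Transport` rejects a lone value is not visible on this page; if it does not, a run with only one flag would presumably connect without a client certificate, and where the server treats client authentication as optional the user would never notice. A guard ahead of both calls (or once inside `Transport`) makes the mistake explicit: `if (globalOptions.TLSClientCert == "") != (globalOptions.TLSClientKey == "") { return nil, errors.New("--tls-client-cert and --tls-client-key must be used together") }`, using whichever error constructor the file already imports. Separately, `open` receives `gopts` but the changed line reads the package-level `globalOptions`, so a caller passing different options would be ignored. Both functions begin and end outside the hunks shown.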