feat: allow not defining cert fingerprint if valid certificate is used
giuseongit committed Sep 16, 2024
1 parent 06fdf7c commit 4457b63
Showing 3 changed files with 11 additions and 6 deletions.
2 changes: 1 addition & 1 deletion config.go
@@ -35,7 +35,7 @@ type Config struct {
}

func (c *Config) valid() bool {
baseValid := c.BaseURL != "" && c.CertFingerprint != "" && c.AuthID != "" && c.Secret != "" && c.Datastore != "" && c.BackupSourceDir != ""
baseValid := c.BaseURL != "" && c.AuthID != "" && c.Secret != "" && c.Datastore != "" && c.BackupSourceDir != ""
if !baseValid {
return baseValid
}
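Review bot: `valid()` now accepts an empty `CertFingerprint` but, as far as this hunk shows, does not check the shape of a non-empty one, so a mistyped pin surfaces only later as a TLS handshake failure instead of a configuration error. Consider rejecting a set-but-malformed value here (the commented sample in main.go suggests 32 colon-separated hex bytes) and documenting the new contract with a comment such as `// CertFingerprint is optional: when empty the server certificate is verified through normal chain validation.` The rest of `valid()` lies outside the hunk, so a later check may already cover part of this.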
3 changes: 3 additions & 0 deletions main.go
@@ -80,13 +80,16 @@ func main() {
})
}

insecure := cfg.CertFingerprint != ""

client := &PBSClient{
baseurl: cfg.BaseURL,
certfingerprint: cfg.CertFingerprint, //"ea:7d:06:f9:87:73:a4:72:d0:e8:05:a4:b3:3d:95:d7:0a:26:dd:6d:5c:ca:e6:99:83:e4:11:3b:5f:10:f4:4b",
authid: cfg.AuthID,
secret: cfg.Secret,
datastore: cfg.Datastore,
namespace: cfg.Namespace,
insecure: insecure,
manifest: BackupManifest{
BackupID: cfg.BackupID,
},
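Review bot: `insecure := cfg.CertFingerprint != ""` is true exactly when a fingerprint pin is configured, so the name says the opposite of what the flag selects and invites a later caller to set it just to turn verification off. It also duplicates state: `certfingerprint` and `insecure` must always agree, and a `PBSClient` built elsewhere with a fingerprint but `insecure: false` would silently ignore the pin. Prefer deriving the mode inside `Connect` from `pbs.certfingerprint != ""`, or at least rename the field, e.g. `pinFingerprint := cfg.CertFingerprint != ""`. `main` continues outside this hunk.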
12 changes: 7 additions & 5 deletions pbsapi.go
@@ -85,6 +85,8 @@ type PBSClient struct {
namespace string
manifest BackupManifest

insecure bool

client http.Client
tlsConfig tls.Config

@@ -329,8 +331,10 @@ func (pbs *PBSClient) Finish() error {
func (pbs *PBSClient) Connect(reader bool) {
pbs.writersManifest = make(map[uint64]int)
pbs.tlsConfig = tls.Config{
InsecureSkipVerify: true, // Set to true if you want to skip certificate verification entirely (not recommended for production)
VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
InsecureSkipVerify: pbs.insecure,
}
if pbs.insecure {
pbs.tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// Extract the peer certificate
if len(rawCerts) == 0 {
return fmt.Errorf("no certificates presented by the peer")
@@ -351,9 +355,7 @@ func (pbs *PBSClient) Connect(reader bool) {

// If the fingerprint matches, the certificate is considered valid
return nil
},
//ServerName: "127.0.0.1",

}
}

pbs.manifest.BackupTime = time.Now().Unix()
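Review bot: In `Connect`, `InsecureSkipVerify: pbs.insecure` lost the warning comment the old line carried, yet in pinning mode the `VerifyPeerCertificate` callback is the only check left on the server certificate. State that on the field, e.g. `// Chain and hostname checks are skipped only because VerifyPeerCertificate below pins the certificate fingerprint.` Per the crypto/tls documentation this callback is not invoked on resumed connections, so `VerifyConnection` would be the more robust hook if a `ClientSessionCache` is ever configured. For the new non-pinning path, `ServerName` is not set here, so confirm that whatever consumes `pbs.tlsConfig` supplies it; that code and the fingerprint comparison itself are outside the visible hunks.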
