Add tls configuration to both client and server (#1974)

2026-01-11 22:23:12 +00:00 · 2020-09-18 19:58:58 +08:00
parent 48fa618c34
commit 4fff3c7472
6 changed files with 247 additions and 34 deletions
--- a/client/service.go
+++ b/client/service.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"github.com/fatedier/frp/models/transport"
 	"io/ioutil"
 	"net"
 	"runtime"
@@ -204,8 +205,14 @@ func (svr *Service) login() (conn net.Conn, session *fmux.Session, err error) {
 	xl := xlog.FromContextSafe(svr.ctx)
 	var tlsConfig *tls.Config
 	if svr.cfg.TLSEnable {
-		tlsConfig = &tls.Config{
-			InsecureSkipVerify: true,
+		tlsConfig, err = transport.NewClientTLSConfig(
+			svr.cfg.TLSCertFile,
+			svr.cfg.TLSKeyFile,
+			svr.cfg.TLSTrustedCaFile,
+			svr.cfg.ServerAddr)
+		if err != nil {
+			xl.Warn("fail to build tls configuration when service login, err: %v", err)
+			return
 		}
 	}
 	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HTTPProxy, svr.cfg.Protocol,