SSL/TLS configuration streamlining

Signed-off-by: Matt Butcher <[email protected]>
deislabs · Jun 24, 2021 · 5f3fa20 · 5f3fa20
1 parent c607ecf
commit 5f3fa20
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 /target
 /.vscode
 .DS_Store
+/ssl-example.*
diff --git a/Makefile b/Makefile
@@ -6,6 +6,8 @@ BINDLE_LOG_LEVEL ?= debug
 BINDLE_ID ?= enterprise.com/warpcore/1.0.0
 BINDLE_IFACE ?= 127.0.0.1:8080
 MIME ?= "application/toml"
+CERT_NAME ?= "./ssl-example"
+TLS_OPTS ?= --tls-cert ${CERT_NAME}.crt.pem --tls-key ${CERT_NAME}.key.pem
 
 export RUST_LOG=error,warp=info,bindle=${BINDLE_LOG_LEVEL}
 
@@ -15,9 +17,13 @@ test: build
 	cargo test
 	cargo test --doc --all
 
+.PHONY: serve-tls
+serve-tls:
+	cargo run ${SERVER_FEATURES} --bin ${SERVER_BIN} -- --directory ${HOME}/.bindle/bindles --address ${BINDLE_IFACE} ${TLS_OPTS}
+
 .PHONY: serve
-serve:
-	cargo run ${SERVER_FEATURES} --bin ${SERVER_BIN} -- --directory ${HOME}/.bindle/bindles --address ${BINDLE_IFACE}
+serve: TLS_OPTS =
+serve: serve-tls
 
 # Sort of a wacky hack if you want to do `$(make client) --help`
 .PHONY: client
@@ -36,3 +42,6 @@ build-server:
 build-client:
 	cargo build ${CLIENT_FEATURES} --bin ${CLIENT_BIN}
 
+.PHONY: gen-cert
+gen-cert:
+	openssl req -newkey rsa:2048 -nodes -keyout ${CERT_NAME}.key.pem -x509 -days 365 -out ${CERT_NAME}.crt.pem 
diff --git a/README.md b/README.md
@@ -94,7 +94,9 @@ For both client and server, the `--help` flag will print out documentation.
 To start the compiled server, simply run `target/debug/bindle-server`. If you would like
 to see the available options, use the `--help` command.
 
-If you would like to run the server with `cargo run` (useful when debugging), use `make serve`.
+If you would like to run the server with `cargo run` (useful when debugging), use `make serve` or `make serve-tls`.
+
+You can generate self-signed testing SSL certificates with `make gen-cert`.
 
 #### Supplying a Configuration File
 

diff --git a/bin/server.rs b/bin/server.rs
@@ -40,17 +40,17 @@ struct Opts {
     #[clap(
         name = "cert_path",
         short = 'c',
-        long = "cert-path",
-        env = "BINDLE_CERT_PATH",
+        long = "tls-cert",
+        env = "BINDLE_TLS_CERT",
         requires = "key_path",
         about = "the path to the TLS certificate to use. If set, --key-path must be set as well. If not set, the server will use HTTP"
     )]
     cert_path: Option<PathBuf>,
     #[clap(
         name = "key_path",
         short = 'k',
-        long = "key-path",
-        env = "BINDLE_KEY_PATH",
+        long = "tls-key",
+        env = "BINDLE_TLS_KEY",
         requires = "cert_path",
         about = "the path to the TLS certificate key to use. If set, --cert-path must be set as well. If not set, the server will use HTTP"
     )]
@@ -65,15 +65,15 @@ struct Opts {
         name = "keyring",
         short = 'r',
         long = "keyring",
-        about = "the path to the keyring file"
+        about = "the path to the public keyring file used for verifying signatures"
     )]
     keyring_file: Option<PathBuf>,
 
     #[clap(
         name = "signing_keys",
         long = "signing-keys",
         env = "BINDLE_SIGNING_KEYS",
-        about = "location of the TOML file that holds the signing keys"
+        about = "location of the TOML file that holds the signing keys used for creating signatures"
     )]
     signing_file: Option<PathBuf>,
 }