add wechaty ca, see #16

wechaty · Nov 24, 2021 · f696d72 · f696d72
1 parent 9ddc238
commit f696d72
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,29 @@ docker run -ti --volume="$(pwd)":/bot --rm phpwechaty/php-wechaty:v1 docker/ding
 
 > Learn more about Wechaty Docker at [Wiki:Docker](https://github.com/Wechaty/php-wechaty/wiki/Docker).
 
+#### New environment variables
+
+<!-- markdownlint-disable MD013 -->
+
+1. `WECHATY_PUPPET_SERVICE_TLS_CA_CERT`: can be overwrite by `options.tlsRootCert`. Set Root CA Cert to verify the server or client.
+
+For Puppet Server:
+
+| Environment Variable | Options | Description |
+| -------------------- | ------- | ----------- |
+| `WECHATY_PUPPET_SERVICE_TLS_SERVER_CERT` | `options.tls.serverCert` | Server CA Cert (string data) |
+| `WECHATY_PUPPET_SERVICE_TLS_SERVER_KEY` | `options.tls.serverKey` | Server CA Key (string data) |
+| `WECHATY_PUPPET_SERVICE_NO_TLS_INSECURE_SERVER` | `options.tls.disable` | Set `true` to disable server TLS |
+
+For Puppet Client:
+
+| Environment Variable | Options | Description |
+| -------------------- | ------- | ----------- |
+| `WECHATY_PUPPET_SERVICE_AUTHORITY` | `options.authority` | Service discovery host, default: `api.chatie.io` |
+| `WECHATY_PUPPET_SERVICE_TLS_CA_CERT` | `options.caCert` | Certification Authority Root Cert, default is using Wechaty Community root cert |
+| `WECHATY_PUPPET_SERVICE_TLS_SERVER_NAME` | `options.serverName` | Server Name (mast match for SNI) |
+| `WECHATY_PUPPET_SERVICE_NO_TLS_INSECURE_CLIENT` | `options.tls.disable` | Set `true` to disable client TLS |
+
 ## The World's Shortest PHP ChatBot: 8 lines of Code
 
 ### php

diff --git a/wechaty-puppet-service/IO/Github/Wechaty/PuppetService/PuppetService.php b/wechaty-puppet-service/IO/Github/Wechaty/PuppetService/PuppetService.php
@@ -792,6 +792,9 @@ function ($metadata,
                 return $metadataCopy;
             };
         Logger::DEBUG($updateMetadata);
+        // WECHATY_PUPPET_SERVICE_NO_TLS_INSECURE_CLIENT
+        // WECHATY_PUPPET_SERVICE_TLS_CA_CERT
+        // WECHATY_PUPPET_SERVICE_TLS_SERVER_NAME
         $this->_grpcClient = new \Wechaty\PuppetClient($hostname, [
             'credentials' => \Grpc\ChannelCredentials::createInsecure(),
             'update_metadata' => $updateMetadata,