Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If CA certificate file is incorrect return an error instead of use default syustem CA store

Browse Source
This commit is contained in:
Héctor Hurtado
2020-01-24 11:54:06 +01:00
parent cddc5ff351
commit f103b39a94
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/server/user/server.go
+7 -3
View File
@@ -19,6 +19,7 @@ package user
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"fmt"
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
@@ -47,7 +48,7 @@ func Run(bindAddr, certFile, keyFile, cliCaFile string, cliAuth bool) {
var err error var err error
Server.TLSConfig.ClientCAs, err = loadCertificatesFromFile(cliCaFile) Server.TLSConfig.ClientCAs, err = loadCertificatesFromFile(cliCaFile)
if err != nil { if err != nil {
log.Printf("UserServer failed to load CA certs: %s\nDefault to system CA store.", err) log.Fatalf("UserServer failed to load CA certs: %s\n", err)
} else { } else {
CAStore := "System store" CAStore := "System store"
if Server.TLSConfig.ClientCAs != nil { if Server.TLSConfig.ClientCAs != nil {
@@ -70,10 +71,13 @@ func Run(bindAddr, certFile, keyFile, cliCaFile string, cliAuth bool) {
func loadCertificatesFromFile(certFile string) (pool *x509.CertPool, err error) { func loadCertificatesFromFile(certFile string) (pool *x509.CertPool, err error) {
if certFile != "" { if certFile != "" {
caCerts, err := ioutil.ReadFile(certFile) var caCerts []byte
caCerts, err = ioutil.ReadFile(certFile)
if err == nil { if err == nil {
pool = x509.NewCertPool() pool = x509.NewCertPool()
pool.AppendCertsFromPEM(caCerts) if !pool.AppendCertsFromPEM(caCerts) {
err = fmt.Errorf("Invalid certificate file %s", certFile)
}
} }
} }