Added a check to ensure clientTLS configuration contains either a cert or a key

This commit is contained in:
Alex Antonov 2017-08-25 10:26:02 +02:00 committed by Traefiker
parent 87e6285cf6
commit 98dfd2ba0e
2 changed files with 55 additions and 15 deletions

View file

@ -157,6 +157,11 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
cert := tls.Certificate{} cert := tls.Certificate{}
_, errKeyIsFile := os.Stat(clientTLS.Key) _, errKeyIsFile := os.Stat(clientTLS.Key)
if !clientTLS.InsecureSkipVerify && (len(clientTLS.Cert) == 0 || len(clientTLS.Key) == 0) {
return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
}
if len(clientTLS.Cert) > 0 && len(clientTLS.Key) > 0 {
if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil { if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil {
if errKeyIsFile == nil { if errKeyIsFile == nil {
cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key) cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key)
@ -177,6 +182,7 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
return nil, fmt.Errorf("tls key is a file, but tls cert is not") return nil, fmt.Errorf("tls key is a file, but tls cert is not")
} }
} }
}
TLSConfig := &tls.Config{ TLSConfig := &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},

View file

@ -197,6 +197,40 @@ func TestNilClientTLS(t *testing.T) {
} }
} }
func TestInsecureSkipVerifyClientTLS(t *testing.T) {
provider := &myProvider{
BaseProvider{
Filename: "",
},
&ClientTLS{
InsecureSkipVerify: true,
},
}
config, err := provider.TLS.CreateTLSConfig()
if err != nil {
t.Fatal("CreateTLSConfig should assume that consumer does not want a TLS configuration if input is nil")
}
if !config.InsecureSkipVerify {
t.Fatal("CreateTLSConfig should support setting only InsecureSkipVerify property")
}
}
func TestInsecureSkipVerifyFalseClientTLS(t *testing.T) {
provider := &myProvider{
BaseProvider{
Filename: "",
},
&ClientTLS{
InsecureSkipVerify: false,
},
}
_, err := provider.TLS.CreateTLSConfig()
if err == nil {
t.Fatal("CreateTLSConfig should error if consumer does not set a TLS cert or key configuration and not chooses InsecureSkipVerify to be true")
}
t.Log(err)
}
func TestMatchingConstraints(t *testing.T) { func TestMatchingConstraints(t *testing.T) {
cases := []struct { cases := []struct {
constraints types.Constraints constraints types.Constraints