fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS

pull/1222/head
Anthony Lapenna 2017-09-21 17:19:43 +02:00
parent 1bccd521f8
commit 3fb668474d
1 changed files with 19 additions and 21 deletions


@ -12,30 +12,28 @@ import (
func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) { func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) {
TLSConfig := &tls.Config{} TLSConfig := &tls.Config{}
if config.TLS { if config.TLSCertPath != "" && config.TLSKeyPath != "" {
if config.TLSCertPath != "" && config.TLSKeyPath != "" { cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath)
cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath) if err != nil {
if err != nil { return nil, err
return nil, err
}
TLSConfig.Certificates = []tls.Certificate{cert}
} }
if !config.TLSSkipVerify { TLSConfig.Certificates = []tls.Certificate{cert}
caCert, err := ioutil.ReadFile(config.TLSCACertPath)
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
TLSConfig.RootCAs = caCertPool
}
TLSConfig.InsecureSkipVerify = config.TLSSkipVerify
} }
if !config.TLSSkipVerify {
caCert, err := ioutil.ReadFile(config.TLSCACertPath)
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
TLSConfig.RootCAs = caCertPool
}
TLSConfig.InsecureSkipVerify = config.TLSSkipVerify
return TLSConfig, nil return TLSConfig, nil
} }
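Review bot: The result of `caCertPool.AppendCertsFromPEM(caCert)` is still discarded in the `!config.TLSSkipVerify` branch, so a CA file with no parsable PEM certificate yields an empty, non-nil `RootCAs` pool. Every later handshake then fails with an unknown-authority error rather than a clear configuration error at load time. Checking it, e.g. `if !caCertPool.AppendCertsFromPEM(caCert) { return nil, errors.New("no valid CA certificate in TLSCACertPath") }` (needs the `errors` import), reports the bad file where it is read and gives operators less reason to reach for `TLSSkipVerify`. With the `config.TLS` guard removed, this branch now runs for every caller, so an empty `TLSCACertPath` returns a file-read error. If verifying against the host's root store is meant to be supported, the read could be conditioned on `config.TLSCACertPath != ""` with `RootCAs` left nil otherwise; that intent is not visible from this hunk.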