Fix cleartext listeners
We need a nil *tls.Config to set up cleartext listeners.
Fixes: eaed359829
("Add support for TLS listeners")
Closes: https://github.com/emersion/hydroxide/issues/156
parent
eaed359829
commit
5e211c61ac
|
@ -8,21 +8,27 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TLS(certPath string, keyPath string, clientCAPath string) (*tls.Config, error) {
|
func TLS(certPath string, keyPath string, clientCAPath string) (*tls.Config, error) {
|
||||||
tlsConfig := &tls.Config{}
|
var tlsConfig *tls.Config
|
||||||
|
|
||||||
if certPath != "" && keyPath != "" {
|
if certPath != "" && keyPath != "" {
|
||||||
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
|
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error: unable load key pair: %s", err)
|
return nil, fmt.Errorf("unable load key pair: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
tlsConfig = &tls.Config{
|
||||||
|
Certificates: []tls.Certificate{cert},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if clientCAPath != "" {
|
if clientCAPath != "" {
|
||||||
|
if tlsConfig == nil {
|
||||||
|
return nil, fmt.Errorf("cannot check client certificate without a server certificate and key")
|
||||||
|
}
|
||||||
|
|
||||||
data, err := ioutil.ReadFile(clientCAPath)
|
data, err := ioutil.ReadFile(clientCAPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error: unable read CA file: %s", err)
|
return nil, fmt.Errorf("unable read CA file: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
pool := x509.NewCertPool()
|
pool := x509.NewCertPool()
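Review bot: A half-filled configuration now falls back to cleartext silently: the guard `if certPath != "" && keyPath != ""` is skipped when only one of the two paths is set, so `tlsConfig` stays nil and, unless `clientCAPath` is also set, no error is raised on the lines shown. Since the commit message says a nil `*tls.Config` is what selects a cleartext listener, an operator who supplies a certificate but omits the key would presumably get an unencrypted listener instead of a startup failure. I would reject that case before the key-pair load, e.g. `if (certPath == "") != (keyPath == "") { return nil, fmt.Errorf("TLS requires both a certificate and a key") }`. A doc comment on TLS should also state that a nil config with a nil error means cleartext. The body of TLS continues past the end of this hunk, so the final return is not visible here.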
|
||||||
|
|