Addressing feedback requests by wrapping the stat error and switching to a different failure model wherein we only fail if no certificate could be loaded successfully.
parent
6cdcbcb5db
commit
c77381ff1f
1 changed files with 18 additions and 11 deletions
29
util.go
29
util.go
|
@ -68,12 +68,15 @@ func init() {
|
||||||
AwaitingPulseJobUpdateStates[status] = true
|
AwaitingPulseJobUpdateStates[status] = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool, error) {
|
|
||||||
certPool := x509.NewCertPool()
|
|
||||||
|
|
||||||
|
// createCertPool will attempt to load certificates into a certificate pool from a given directory.
|
||||||
|
// Only files with an extension contained in the extension map are considered.
|
||||||
|
// This function ignores any files that cannot be read successfully or cannot be added to the certPool
|
||||||
|
// successfully.
|
||||||
|
func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool, error) {
|
||||||
_, err := os.Stat(path)
|
_, err := os.Stat(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("given certs path doesn't exist")
|
return nil, errors.Wrap(err, "unable to load certificates")
|
||||||
}
|
}
|
||||||
|
|
||||||
caFiles, err := ioutil.ReadDir(path)
|
caFiles, err := ioutil.ReadDir(path)
|
||||||
|
@ -81,10 +84,8 @@ func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(caFiles) == 0 {
|
certPool := x509.NewCertPool()
|
||||||
return nil, errors.New("no possible certs found in " + path)
|
loadedCerts := 0
|
||||||
}
|
|
||||||
|
|
||||||
for _, cert := range caFiles {
|
for _, cert := range caFiles {
|
||||||
// Skip directories
|
// Skip directories
|
||||||
if cert.IsDir() {
|
if cert.IsDir() {
|
||||||
|
@ -96,11 +97,17 @@ func createCertPool(path string, extensions map[string]struct{}) (*x509.CertPool
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
caCert, err := ioutil.ReadFile(filepath.Join(path, cert.Name()))
|
pem, err := ioutil.ReadFile(filepath.Join(path, cert.Name()))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
continue
|
||||||
}
|
}
|
||||||
certPool.AppendCertsFromPEM(caCert)
|
|
||||||
|
if certPool.AppendCertsFromPEM(pem) {
|
||||||
|
loadedCerts++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if loadedCerts == 0 {
|
||||||
|
return nil, errors.New("no certificates were able to be successfully loaded")
|
||||||
}
|
}
|
||||||
return certPool, nil
|
return certPool, nil
|
||||||
}
|
}
|
||||||
|
@ -132,7 +139,7 @@ func validateAuroraURL(location string) (string, error) {
|
||||||
return "", errors.Errorf("only protocols http and https are supported %v\n", u.Scheme)
|
return "", errors.Errorf("only protocols http and https are supported %v\n", u.Scheme)
|
||||||
}
|
}
|
||||||
|
|
||||||
// This could theoretically be elsewhwere but we'll be strict for the sake of simplicty
|
// This could theoretically be elsewhere but we'll be strict for the sake of simplicity
|
||||||
if u.Path != apiPath {
|
if u.Path != apiPath {
|
||||||
return "", errors.Errorf("expected /api path %v\n", u.Path)
|
return "", errors.Errorf("expected /api path %v\n", u.Path)
|
||||||
}
|
}
|
||||||
|
|
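Review bot: The per-file failures in the third hunk of util.go are discarded — the `continue` after `ioutil.ReadFile` and the false branch of `certPool.AppendCertsFromPEM(pem)` leave no trace — so when `loadedCerts == 0` the returned error says only that nothing loaded and an operator cannot tell whether the files were unreadable, contained no PEM certificates, or were filtered out earlier (the filter preceding the `continue` at the top of that hunk is outside the visible lines). Since this layer deliberately tolerates partial failure, collect the reasons as the loop skips and attach them to the final error with the existing `errors.Errorf`, which also preserves the directory `path` the old message used to carry. A partially loaded pool still succeeds silently; if that is intended, a log line at each skip would give the same diagnostic without changing the return value. The doc comment added in the first hunk should then also state that an error is returned only when no certificate at all could be loaded.
```go
	loadedCerts := 0
	var loadErrs []string
	for _, cert := range caFiles {
		// … unchanged: directory / extension filtering …
		pem, err := ioutil.ReadFile(filepath.Join(path, cert.Name()))
		if err != nil {
			loadErrs = append(loadErrs, err.Error())
			continue
		}
		if certPool.AppendCertsFromPEM(pem) {
			loadedCerts++
		} else {
			loadErrs = append(loadErrs, cert.Name()+": no PEM certificates found")
		}
	}

	if loadedCerts == 0 {
		return nil, errors.Errorf("no certificates were able to be successfully loaded from %s: %v", path, loadErrs)
	}
	// … unchanged: return certPool, nil …
```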