error if tls.key_file or cert_file are missing (#2020)

mmetc 2023-01-26 17:12:59 +01:00 committed by GitHub
parent b0f370bae2
commit 3fb3decf49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 1 deletions


@ -320,7 +320,13 @@ func (s *APIServer) Run(apiReady chan bool) error {
go func() {
apiReady <- true
log.Infof("CrowdSec Local API listening on %s", s.URL)
if s.TLS != nil && s.TLS.CertFilePath != "" && s.TLS.KeyFilePath != "" {
if s.TLS != nil && (s.TLS.CertFilePath != "" || s.TLS.KeyFilePath != "") {
if s.TLS.KeyFilePath == "" {
log.Fatalf("while serving local API: %v", errors.New("missing TLS key file"))
} else if s.TLS.CertFilePath == "" {
log.Fatalf("while serving local API: %v", errors.New("missing TLS cert file"))
}
if err := s.httpServer.ListenAndServeTLS(s.TLS.CertFilePath, s.TLS.KeyFilePath); err != nil {
log.Fatalf("while serving local API: %v", err)
}
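Review bot: The new key/cert check runs inside the goroutine, after `apiReady <- true` and after the "listening on" log line, so readiness is signalled and the listener announced before the process exits through `log.Fatalf`. Validating before `go func() {` and returning the error from Run (for example `return errors.New("missing TLS key file")`) would fail startup before anything is reported as ready; wrapping `errors.New(...)` in `%v` is also unnecessary for a constant message. Separately, when `s.TLS` is set but both paths are empty the condition is still false, so whichever branch follows this `if` is taken (it is outside the hunk, presumably the non-TLS listener) even if other TLS settings such as `ca_cert_path` or `agents_allowed_ou` are configured; that case should be rejected or at least logged. The body of Run starts and ends outside the hunk.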


@ -62,6 +62,14 @@ teardown_file() {
setup() {
load "../lib/setup.sh"
config_set '
.api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
.api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
.api.server.tls.ca_cert_path=strenv(tmpdir) + "/inter.pem" |
.api.server.tls.crl_path=strenv(tmpdir) + "/crl.pem" |
.api.server.tls.agents_allowed_ou=["agent-ou"]
'
}
teardown() {
@ -70,6 +78,20 @@ teardown() {
#----------
@test "missing key_file" {
config_set '.api.server.tls.key_file=""'
rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "missing TLS key file"
}
@test "missing cert_file" {
config_set '.api.server.tls.cert_file=""'
rune -1 timeout 2s "${CROWDSEC}"
assert_stderr --partial "missing TLS cert file"
}
@test "invalid OU for agent" {
config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
.ca_cert_path=strenv(tmpdir) + "/bundle.pem" |