3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-31 07:19:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: extra CA and CRL validation

Browse source 
Return an error from DownstreamMTLSSettings.validate() if both CA and
CAFile are populated, or if both CRL and CRLFile are populated.
This commit is contained in:
Kenneth Jenkins 2023-08-10 14:49:36 -07:00
parent 50e6cf7466
commit 0715579fe1
3 changed files with 40 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
config/mtls.go
View file

@ -116,10 +116,15 @@ func (s *DownstreamMTLSSettings) GetMaxVerifyDepth() uint32 {
}
func (s *DownstreamMTLSSettings) validate() error {
if _, err := s.GetCA(); err != nil {
if s.CA != "" && s.CAFile != "" {
return errors.New("cannot set both ca and ca_file")
} else if _, err := s.GetCA(); err != nil {
return err
}
if s.CRL != "" && s.CRLFile != "" {
return errors.New("cannot set both crl and crl_file")
}
crl, err := s.GetCRL()
if err != nil {
return err