config: deprecate tls_downstream_client_ca (#4461)

Log a deprecation warning for any route where tls_downstream_client_ca
or tls_downstream_client_ca_file is non-empty.
Kenneth Jenkins 2023-08-15 14:38:36 -07:00 committed by GitHub
parent e8b489eb87
commit a2539839d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -496,7 +496,11 @@ func (p *Policy) Validate() error {
}
}
const clientCADeprecationMsg = "config: %s is deprecated, see https://www.pomerium.com/docs/" +
"reference/routes/tls#tls-downstream-client-certificate-authority for more information"
if p.TLSDownstreamClientCA != "" {
log.Warn(context.Background()).Msgf(clientCADeprecationMsg, "tls_downstream_client_ca")
_, err := base64.StdEncoding.DecodeString(p.TLSDownstreamClientCA)
if err != nil {
return fmt.Errorf("config: couldn't decode downstream client ca: %w", err)
@ -504,6 +508,7 @@ func (p *Policy) Validate() error {
}
if p.TLSDownstreamClientCAFile != "" {
log.Warn(context.Background()).Msgf(clientCADeprecationMsg, "tls_downstream_client_ca_file")
bs, err := os.ReadFile(p.TLSDownstreamClientCAFile)
if err != nil {
return fmt.Errorf("config: couldn't load downstream client ca: %w", err)
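Review bot: Neither of the two new `log.Warn` calls says which route carries the deprecated setting, so an operator with many routes cannot tell from the log which ones still depend on a per-route client CA for downstream mTLS. Consider attaching a route identifier to the event, for example `log.Warn(context.Background()).Str("from", p.From).Msgf(clientCADeprecationMsg, "tls_downstream_client_ca")`, assuming the Policy struct exposes the route's from URL as `p.From` and the logger returns a zerolog-style event; confirm both against the code outside this view. Because the warning sits inside Validate, it will presumably be emitted again for every affected route each time the configuration is validated, which is worth stating in a short comment above `clientCADeprecationMsg`. Validate's body starts and ends outside these hunks, so the remaining handling of the client CA value is not visible here.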