3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-02 16:30:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

tls: fallback to self-signed certificate (#2760)

Browse source 
* tls: fallback to self-signed certificate

* remove unknown domain because certs are no longer valid

* update multi-deployment to use service-specific certificates
This commit is contained in:
Caleb Doxsey 2021-11-15 14:11:53 -07:00 committed by GitHub
parent 9b3d574d48
commit ca48052551
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 46 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

7
pkg/cryptutil/tls.go
View file

@ -55,10 +55,9 @@ func GetCertificateForDomain(certificates []tls.Certificate, domain string) (*tl
}
}
// next use the first cert
if len(certificates) > 0 {
return &certificates[0], nil
}
log.Error(context.Background()).
Str("domain", domain).
Msg("cryptutil: no TLS certificate found for domain, using self-signed certificate")
// finally fall back to a generated, self-signed certificate
return GenerateSelfSignedCertificate(domain)