config: use insecure skip verify if derived certificates are not used (#3861)

Caleb Doxsey 2023-01-11 13:50:51 -07:00 committed by GitHub
parent 04a82813f3
commit da46b4a47d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 52 additions and 4 deletions


@ -189,6 +189,23 @@ func (cfg *Config) GetCertificateForServerName(serverName string) (*tls.Certific
return cryptutil.GenerateSelfSignedCertificate(serverName)
}
// WillHaveCertificateForServerName returns true if there will be a certificate for the given server name.
func (cfg *Config) WillHaveCertificateForServerName(serverName string) (bool, error) {
certificates, err := cfg.AllCertificates()
if err != nil {
return false, err
}
// first try a direct name match
for i := range certificates {
if cryptutil.MatchesServerName(&certificates[i], serverName) {
return true, nil
}
}
return cfg.Options.DeriveInternalDomainCert != nil, nil
}
// GetCertificatePool gets the certificate pool for the config.
func (cfg *Config) GetCertificatePool() (*x509.CertPool, error) {
pool, err := cryptutil.GetCertPool(cfg.Options.CA, cfg.Options.CAFile)
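Review bot: The doc comment on `WillHaveCertificateForServerName` does not say what a `false` result means for callers. Going by the commit title, it is what switches them to skipping TLS verification, and that belongs in the comment. Something like `// A false result means GetCertificateForServerName falls back to a generated self-signed certificate; callers use this to decide whether peer verification can be enforced.` would make the trust decision visible at the definition. The "direct name match" loop also appears to duplicate the lookup in `GetCertificateForServerName`, whose body starts outside this hunk. If the two ever diverge, verification could be disabled for a name that does have a certificate, or enforced for one that does not, so a shared private helper would be safer. Finally, `cfg.Options.DeriveInternalDomainCert != nil` returns true without looking at `serverName`; please confirm the derived certificate is issued for any requested name, otherwise this should check the derived domain. `GetCertificatePool` continues past the end of the hunk and is not reviewed here.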