a
/
badguardhome
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Don't keep certificates and keys encoded with base64 in yaml config

This commit is contained in:
Eugene Bujak 2019-02-12 17:23:03 +03:00 committed by Eugene Bujak
parent 35b5f4b48b
commit 0aeca6bbf5
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
control.go
View File

@ -1034,6 +1034,14 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
// ---
func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
data := config.TLS
if data.CertificateChain != "" {
encoded := base64.StdEncoding.EncodeToString([]byte(data.CertificateChain))
data.CertificateChain = string(encoded)
}
if data.PrivateKey != "" {
encoded := base64.StdEncoding.EncodeToString([]byte(data.PrivateKey))
data.PrivateKey = string(encoded)
}
err := json.NewEncoder(w).Encode(&data)
if err != nil {
httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
@ -1057,6 +1065,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
return
}
data.CertificateChain = string(certPEM)
log.Printf("got certificate: %s", certPEM)
@ -1067,6 +1076,8 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
return
}
data.PrivateKey = string(keyPEM)
_, err = tls.X509KeyPair(certPEM, keyPEM)
if err != nil {
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)