/tls/configure -- allow submitting empty certificates and keys to clear them out from config
This commit is contained in:
Eugene Bujak
Eugene Bujak
parent
1dd548c36c
commit
4a14c199d8
12
control.go
12
control.go
|
|
@ -1049,25 +1049,30 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var mainCert *x509.Certificate
|
||||||
|
|
||||||
|
if data.CertificateChain != "" {
|
||||||
certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
|
certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
|
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Printf("got certificate: %s", certPEM)
|
||||||
|
|
||||||
|
if data.PrivateKey != "" {
|
||||||
keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
|
keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpError(w, http.StatusBadRequest, "Failed to base64-decode private key: %s", err)
|
httpError(w, http.StatusBadRequest, "Failed to base64-decode private key: %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("got certificate: %s", certPEM)
|
|
||||||
|
|
||||||
_, err = tls.X509KeyPair(certPEM, keyPEM)
|
_, err = tls.X509KeyPair(certPEM, keyPEM)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
|
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// now do a more extended validation
|
// now do a more extended validation
|
||||||
var certs []*pem.Block // PEM-encoded certificates
|
var certs []*pem.Block // PEM-encoded certificates
|
||||||
|
|
@ -1129,10 +1134,12 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// spew.Dump(chains)
|
// spew.Dump(chains)
|
||||||
|
}
|
||||||
|
|
||||||
config.TLS = data
|
config.TLS = data
|
||||||
|
|
||||||
// update status
|
// update status
|
||||||
|
if mainCert != nil {
|
||||||
config.TLS.StatusCertificate = fmt.Sprintf("Certificate expires on %s", mainCert.NotAfter) //, valid for hostname %s", mainCert.NotAfter, mainCert.Subject.CommonName)
|
config.TLS.StatusCertificate = fmt.Sprintf("Certificate expires on %s", mainCert.NotAfter) //, valid for hostname %s", mainCert.NotAfter, mainCert.Subject.CommonName)
|
||||||
if len(mainCert.DNSNames) == 1 {
|
if len(mainCert.DNSNames) == 1 {
|
||||||
config.TLS.StatusCertificate += fmt.Sprintf(", valid for hostname %s", mainCert.DNSNames[0])
|
config.TLS.StatusCertificate += fmt.Sprintf(", valid for hostname %s", mainCert.DNSNames[0])
|
||||||
|
|
@ -1150,6 +1157,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
||||||
config.TLS.Warning = fmt.Sprintf("Your certificate has expired on %s, we recommend you update it immediatedly", mainCert.NotAfter)
|
config.TLS.Warning = fmt.Sprintf("Your certificate has expired on %s, we recommend you update it immediatedly", mainCert.NotAfter)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
httpUpdateConfigReloadDNSReturnOK(w, r)
|
httpUpdateConfigReloadDNSReturnOK(w, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue