/tls/ -- add ValidCert, without it being true https is not usable

Eugene Bujak 2019-02-19 15:21:19 +03:00
parent 2748d4c889
commit ba103f9825
2 changed files with 3 additions and 3 deletions


@ -75,6 +75,7 @@ type tlsConfigSettings struct {
// field ordering is not important -- these are for API and are recalculated on each run // field ordering is not important -- these are for API and are recalculated on each run
type tlsConfigStatus struct { type tlsConfigStatus struct {
// certificate status // certificate status
ValidCert bool `yaml:"-" json:"valid_cert"`
ValidChain bool `yaml:"-" json:"valid_chain"` ValidChain bool `yaml:"-" json:"valid_chain"`
Subject string `yaml:"-" json:"subject,omitempty"` Subject string `yaml:"-" json:"subject,omitempty"`
Issuer string `yaml:"-" json:"issuer,omitempty"` Issuer string `yaml:"-" json:"issuer,omitempty"`
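Review bot: The new `ValidCert` field carries no comment saying how it differs from `ValidChain`, and clients reading `valid_cert` from the API are likely to take it as a trust signal. In the other file of this commit it is set once the certificates have parsed and before `mainCert.Verify(opts)` runs, so I would document it here as `// ValidCert is true when the certificate data parsed; chain verification is reported in ValidChain`. The struct continues past the end of the hunk.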


@ -1155,6 +1155,8 @@ func validateCertificates(data tlsConfig) tlsConfig {
return data return data
} }
data.ValidCert = true
// spew.Dump(parsedCerts) // spew.Dump(parsedCerts)
opts := x509.VerifyOptions{ opts := x509.VerifyOptions{
@ -1172,9 +1174,6 @@ func validateCertificates(data tlsConfig) tlsConfig {
opts.Intermediates = pool opts.Intermediates = pool
} }
// clear out all warnings and statuses
data.tlsConfigStatus = tlsConfigStatus{}
// TODO: save it as a warning rather than error it out -- shouldn't be a big problem // TODO: save it as a warning rather than error it out -- shouldn't be a big problem
mainCert := parsedCerts[0] mainCert := parsedCerts[0]
_, err := mainCert.Verify(opts) _, err := mainCert.Verify(opts)
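Review bot: Dropping `data.tlsConfigStatus = tlsConfigStatus{}` in the second hunk leaves no visible reset of the status in validateCertificates, so if `data` arrives with `ValidCert` or `ValidChain` already true from an earlier run, the early `return data` paths would hand those stale values back for a certificate that failed to parse. Unless the caller or the top of the function already clears it (not visible here), move the reset to the first statement of the function: `data.tlsConfigStatus = tlsConfigStatus{}`. Since the commit message ties HTTPS availability to `ValidCert`, and the first hunk sets it before `mainCert.Verify(opts)`, a short comment at the assignment such as `// parsed OK; chain not yet verified` would keep readers from treating it as a verification result. The function starts and ends outside both hunks.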