Check if SSL is configured to validate input arguments (#5252)

This PR handles the following situations:

- secure endpoints provided: the server should fail to start
  if TLS is not configured

- insecure endpoints provided: the server starts regardless of
  whether TLS is configured.

Fixes #5251
Harshavardhana 7 years ago committed by Nitish Tiwari
parent 043e030a4a
commit 2755a0b763
  1. 30
      cmd/endpoint.go
  2. 6
      cmd/server-main.go

@ -65,18 +65,9 @@ func (endpoint Endpoint) Type() EndpointType {
return URLEndpointType return URLEndpointType
} }
// SetHTTPS - sets secure http for URLEndpointType. // IsHTTPS - returns true if secure for URLEndpointType.
func (endpoint Endpoint) SetHTTPS() { func (endpoint Endpoint) IsHTTPS() bool {
if endpoint.Host != "" { return endpoint.Scheme == "https"
endpoint.Scheme = "https"
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoint Endpoint) SetHTTP() {
if endpoint.Host != "" {
endpoint.Scheme = "http"
}
} }
// NewEndpoint - returns new endpoint based on given arguments. // NewEndpoint - returns new endpoint based on given arguments.
@ -190,18 +181,9 @@ func (endpoints EndpointList) Less(i, j int) bool {
return endpoints[i].String() < endpoints[j].String() return endpoints[i].String() < endpoints[j].String()
} }
// SetHTTPS - sets secure http for URLEndpointType. // IsHTTPS - returns true if secure for URLEndpointType.
func (endpoints EndpointList) SetHTTPS() { func (endpoints EndpointList) IsHTTPS() bool {
for i := range endpoints { return endpoints[0].IsHTTPS()
endpoints[i].SetHTTPS()
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoints EndpointList) SetHTTP() {
for i := range endpoints {
endpoints[i].SetHTTP()
}
} }
// NewEndpointList - returns new endpoint list based on input args. // NewEndpointList - returns new endpoint list based on input args.
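Review bot: `EndpointList.IsHTTPS()` reads `endpoints[0]` without a length check and lets the first entry speak for the whole list. An empty list panics with an index-out-of-range, and a list that mixes http and https URLs is classified by its first entry alone, so the certificate check in serverMain could be skipped while some peers are still addressed over https. If NewEndpointList already guarantees a non-empty, single-scheme list (not visible in this hunk), record that in the doc comment, e.g. `// IsHTTPS - returns true if the list is secure; assumes a non-empty list with a single scheme.` Otherwise guard with `if len(endpoints) == 0 { return false }` and compare every entry rather than only the first.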

@ -158,6 +158,11 @@ func serverMain(ctx *cli.Context) {
globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig() globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig()
fatalIf(err, "Invalid SSL certificate file") fatalIf(err, "Invalid SSL certificate file")
// Is distributed setup, error out if no certificates are found for HTTPS endpoints.
if globalIsDistXL && globalEndpoints.IsHTTPS() && !globalIsSSL {
fatalIf(errInvalidArgument, "No certificates found for HTTPS endpoints (%s)", globalEndpoints)
}
if !quietFlag { if !quietFlag {
// Check for new updates from dl.minio.io. // Check for new updates from dl.minio.io.
mode := globalMinioModeFS mode := globalMinioModeFS
@ -182,7 +187,6 @@ func serverMain(ctx *cli.Context) {
initNSLock(globalIsDistXL) initNSLock(globalIsDistXL)
// Configure server. // Configure server.
// Declare handler to avoid lint errors.
var handler http.Handler var handler http.Handler
handler, err = configureServerHandler(globalEndpoints) handler, err = configureServerHandler(globalEndpoints)
fatalIf(err, "Unable to configure one of server's RPC services.") fatalIf(err, "Unable to configure one of server's RPC services.")
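Review bot: The new guard in serverMain rejects only one direction, https endpoints without certificates, and only when `globalIsDistXL` is set. The commit message says http endpoints are accepted whether or not TLS is configured, but the code comment does not record that, so a later reader cannot tell whether the certificates-present, http-endpoints case was considered. I would extend the comment, e.g. `// HTTP endpoints are accepted with or without certificates; only HTTPS endpoints without certificates are rejected.` If node-to-node traffic follows the endpoint scheme (not visible here), a startup log line when `globalIsSSL` is true but the endpoints are http would make an unintended cleartext setup visible to the operator. serverMain continues outside this hunk.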
