From eb0deabd73e4c54dd35092ad54e3e45aa23061e9 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Mon, 9 Apr 2018 19:10:23 -0700
Subject: [PATCH] Fail when TLS is configured and HTTP endpoints are provided (#5771)
---
 cmd/auth-rpc-client.go | 7 ++++---
 cmd/server-main.go | 9 +++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/cmd/auth-rpc-client.go b/cmd/auth-rpc-client.go
index 39aadd911..a03b2e01e 100644
--- a/cmd/auth-rpc-client.go
+++ b/cmd/auth-rpc-client.go
@@ -21,7 +21,6 @@ import (
 "context"
 "crypto/tls"
 "crypto/x509"
- "errors"
 "fmt"
 "io"
 "net"
@@ -198,6 +197,7 @@ func (authClient *AuthRPCClient) Call(serviceMethod string, args interface {
 }
 }
 }
+ // gob doesn't provide any typed errors for us to reflect
 // upon, this is the only way to return proper error.
 if err != nil && strings.Contains(err.Error(), "gob: wrong type") {
@@ -206,6 +206,7 @@ func (authClient *AuthRPCClient) Call(serviceMethod string, args interface {
 err = errRPCAPIVersionUnsupported
 }
+ break
 }
 return err
@@ -257,7 +258,7 @@ func rpcDial(serverAddr, serviceEndpoint string, secureConn bool) (netRPCClient
 Op: "dial-http",
 Net: serverAddr + serviceEndpoint,
 Addr: nil,
- Err: fmt.Errorf("Unable to parse server address <%s>: %s", serverAddr, err),
+ Err: fmt.Errorf("Unable to parse server address <%s>/<%s>: %s", serverAddr, serviceEndpoint, err),
 }
 }
 // ServerName in tls.Config needs to be specified to support SNI certificates.
@@ -313,7 +314,7 @@ func rpcDial(serverAddr, serviceEndpoint string, secureConn bool) (netRPCClient
 }
 if resp.Status != connectSuccessMessage {
 conn.Close()
- return nil, errors.New("unexpected HTTP response: " + resp.Status)
+ return nil, fmt.Errorf("Unexpected HTTP response: %s from %s/%s", resp.Status, serverAddr, serviceEndpoint)
 }
 // Initialize rpc client.
diff --git a/cmd/server-main.go b/cmd/server-main.go
index 74320873b..fcff20edb 100644
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
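Review bot: In cmd/auth-rpc-client.go, the new rpcDial "Unable to parse server address" message joins the address and endpoint with an extra slash, while the context line `Net: serverAddr + serviceEndpoint,` concatenates them directly, which suggests serviceEndpoint already carries its own leading slash. If so, `<%s>/<%s>` here and `%s/%s` in the later "Unexpected HTTP response" hunk print a doubled separator; formatting the pair as `serverAddr+serviceEndpoint` would match the Net field. The second message also changes the removed line's lowercase `unexpected` to a capital, which reads awkwardly once the error is wrapped by a caller. rpcDial starts and ends outside both hunks.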
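Review bot: `resp.Status` in the new "Unexpected HTTP response" error of rpcDial is text supplied by the remote peer, and it is formatted with `%s` into an error that will likely reach the logs. Quoting it keeps control characters and terminal escapes out of log output: `fmt.Errorf("Unexpected HTTP response: %q from %s/%s", resp.Status, serverAddr, serviceEndpoint)`. Whether the response is read over an authenticated TLS connection is not visible in this hunk, so the value is best treated as untrusted either way.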
@@ -210,8 +210,13 @@ func serverMain(ctx *cli.Context) {
 logger.FatalIf(err, "Invalid SSL certificate file")
 // Is distributed setup, error out if no certificates are found for HTTPS endpoints.
- if globalIsDistXL && globalEndpoints.IsHTTPS() && !globalIsSSL {
- logger.FatalIf(errInvalidArgument, "No certificates found for HTTPS endpoints (%s)", globalEndpoints)
+ if globalIsDistXL {
+ if globalEndpoints.IsHTTPS() && !globalIsSSL {
+ logger.FatalIf(errInvalidArgument, "No certificates found, use HTTP endpoints (%s)", globalEndpoints)
+ }
+ if !globalEndpoints.IsHTTPS() && globalIsSSL {
+ logger.FatalIf(errInvalidArgument, "TLS Certificates found, use HTTPS endpoints (%s)", globalEndpoints)
+ }
 }
 if !quietFlag {
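Review bot: The first fatal message now tells the operator to `use HTTP endpoints` when HTTPS endpoints were given but no certificates were found, which steers a misconfigured secure deployment toward plaintext rather than toward installing the missing certificates. A wording that names both remedies keeps the safer one visible, for example `"No certificates found for HTTPS endpoints, install certificates or use HTTP endpoints (%s)"`. The comment above the block still describes only the missing-certificate case and could read `// In distributed setup, error out when the endpoint scheme and the TLS configuration disagree.` serverMain starts and ends outside this hunk.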