TLS config: if only given ssl_ca, create tls config anyways

fixes #890
This commit is contained in:
Cameron Sparr 2016-03-18 10:24:44 -06:00
parent f2394b5a8d
commit 061b749041
2 changed files with 23 additions and 21 deletions

View File

@ -9,6 +9,7 @@
- [#849](https://github.com/influxdata/telegraf/issues/849): Adding ability to parse single values as an input data type. - [#849](https://github.com/influxdata/telegraf/issues/849): Adding ability to parse single values as an input data type.
### Bugfixes ### Bugfixes
[#890](https://github.com/influxdata/telegraf/issues/890): Create TLS config even if only ssl_ca is provided.
## v0.11.1 [2016-03-17] ## v0.11.1 [2016-03-17]

View File

@ -86,15 +86,15 @@ func GetTLSConfig(
SSLCert, SSLKey, SSLCA string, SSLCert, SSLKey, SSLCA string,
InsecureSkipVerify bool, InsecureSkipVerify bool,
) (*tls.Config, error) { ) (*tls.Config, error) {
t := &tls.Config{} if SSLCert == "" && SSLKey == "" && SSLCA == "" && !InsecureSkipVerify {
if SSLCert != "" && SSLKey != "" && SSLCA != "" { return nil, nil
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey) }
if err != nil {
return nil, errors.New(fmt.Sprintf(
"Could not load TLS client key/certificate: %s",
err))
}
t := &tls.Config{
InsecureSkipVerify: InsecureSkipVerify,
}
if SSLCA != "" {
caCert, err := ioutil.ReadFile(SSLCA) caCert, err := ioutil.ReadFile(SSLCA)
if err != nil { if err != nil {
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s", return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
@ -103,20 +103,21 @@ func GetTLSConfig(
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert) caCertPool.AppendCertsFromPEM(caCert)
t.RootCAs = caCertPool
t = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
InsecureSkipVerify: InsecureSkipVerify,
}
t.BuildNameToCertificate()
} else {
if InsecureSkipVerify {
t.InsecureSkipVerify = true
} else {
return nil, nil
}
} }
if SSLCert != "" && SSLKey != "" {
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
if err != nil {
return nil, errors.New(fmt.Sprintf(
"Could not load TLS client key/certificate: %s",
err))
}
t.Certificates = []tls.Certificate{cert}
t.BuildNameToCertificate()
}
// will be nil by default if nothing is provided // will be nil by default if nothing is provided
return t, nil return t, nil
} }