fix(proxy): don't check TLS file permission (#1880)
uhthomas authored Sep 1, 2023
1 parent cac9c75 commit e248d22
Showing 2 changed files with 1 addition and 30 deletions.
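--- a/cmd/proxy/main.go
+++ b/cmd/proxy/main.go
@@ -40,11 +40,6 @@ func main() {
 log.Fatal(err)
 }
 
-cert, key, err := conf.TLSCertFiles()
-if err != nil {
-log.Fatal(err)
-}
-
 srv := &http.Server{
 Handler: handler,
 ReadHeaderTimeout: 2 * time.Second,
@@ -94,7 +89,7 @@ func main() {
 }
 }
 
-if cert != "" && key != "" {
+if conf.TLSCertFile != "" && conf.TLSKeyFile != "" {
 err = srv.ServeTLS(ln, conf.TLSCertFile, conf.TLSKeyFile)
 } else {
 err = srv.Serve(ln)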
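Review bot: In the second hunk, the new condition `conf.TLSCertFile != "" && conf.TLSKeyFile != ""` falls through to `srv.Serve(ln)` when only one of the two settings is present, so a half-configured deployment now serves plaintext without any error. Before this commit that case ended in `log.Fatal`, because `TLSCertFiles()` ran `os.Stat` on the empty path and returned the error. A guard ahead of the branch would keep the fail-closed behaviour: `if (conf.TLSCertFile == "") != (conf.TLSKeyFile == "") { log.Fatal("TLSCertFile and TLSKeyFile must be set together") }`. The group/other permission check on the key file is dropped as well; if the hard failure was the only problem, a logged warning for a key readable by others may be worth keeping, though the reason for the removal is not visible here. The body of main continues outside both hunks.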
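--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -215,30 +215,6 @@ func (c *Config) BasicAuth() (user, pass string, ok bool) {
 return user, pass, ok
 }
 
-// TLSCertFiles returns certificate and key files and an error if
-// both files doesn't exist and have approperiate file permissions.
-func (c *Config) TLSCertFiles() (cert, key string, err error) {
-if c.TLSCertFile == "" && c.TLSKeyFile == "" {
-return "", "", nil
-}
-
-certFile, err := os.Stat(c.TLSCertFile)
-if err != nil {
-return "", "", fmt.Errorf("could not access TLSCertFile: %w", err)
-}
-
-keyFile, err := os.Stat(c.TLSKeyFile)
-if err != nil {
-return "", "", fmt.Errorf("could not access TLSKeyFile: %w", err)
-}
-
-if keyFile.Mode()&0o077 != 0 && runtime.GOOS != "windows" {
-return "", "", fmt.Errorf("TLSKeyFile should not be accessible by others")
-}
-
-return certFile.Name(), keyFile.Name(), nil
-}
-
 // FilterOff returns true if the FilterFile is empty.
 func (c *Config) FilterOff() bool {
 return c.FilterFile == ""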
