From e248d228921243998aca56dab01786e3cb938919 Mon Sep 17 00:00:00 2001
From: Thomas <9749173+uhthomas@users.noreply.github.com>
Date: Fri, 1 Sep 2023 15:44:47 +0100
Subject: [PATCH] fix(proxy): don't check TLS file permission (#1880)

---
 cmd/proxy/main.go | 7 +------
 pkg/config/config.go | 24 ------------------------
 2 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
index 32fe36927..ffbc327a3 100644
--- a/cmd/proxy/main.go
+++ b/cmd/proxy/main.go
@@ -40,11 +40,6 @@ func main() {
 log.Fatal(err)
 }

- cert, key, err := conf.TLSCertFiles()
- if err != nil {
- log.Fatal(err)
- }
-
 srv := &http.Server{
 Handler: handler,
 ReadHeaderTimeout: 2 * time.Second,
@@ -94,7 +89,7 @@ func main() {
 }
 }

- if cert != "" && key != "" {
+ if conf.TLSCertFile != "" && conf.TLSKeyFile != "" {
 err = srv.ServeTLS(ln, conf.TLSCertFile, conf.TLSKeyFile)
 } else {
 err = srv.Serve(ln)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2c28cc1b3..f0308f4f6 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
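Review bot: In the second hunk of cmd/proxy/main.go (`@@ -94,7 +89,7 @@`), the new condition `conf.TLSCertFile != "" && conf.TLSKeyFile != ""` falls through to `srv.Serve(ln)` when only one of the two settings is present, so a half-configured proxy now starts in plaintext without any message. Judging from the removed `TLSCertFiles` helper, that case used to end in `log.Fatal`, because `os.Stat` on the empty path failed. A guard before the branch would keep it fail-closed: `if (conf.TLSCertFile == "") != (conf.TLSKeyFile == "") { log.Fatal("TLSCertFile and TLSKeyFile must be set together") }`. With the key-mode check gone, a comment on this branch should also say that restricting read access to the key file is now left to the deployment. `main` begins and ends outside the hunk.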
@@ -215,30 +215,6 @@ func (c *Config) BasicAuth() (user, pass string, ok bool) {
 return user, pass, ok
 }

-// TLSCertFiles returns certificate and key files and an error if
-// both files doesn't exist and have approperiate file permissions.
-func (c *Config) TLSCertFiles() (cert, key string, err error) {
- if c.TLSCertFile == "" && c.TLSKeyFile == "" {
- return "", "", nil
- }
-
- certFile, err := os.Stat(c.TLSCertFile)
- if err != nil {
- return "", "", fmt.Errorf("could not access TLSCertFile: %w", err)
- }
-
- keyFile, err := os.Stat(c.TLSKeyFile)
- if err != nil {
- return "", "", fmt.Errorf("could not access TLSKeyFile: %w", err)
- }
-
- if keyFile.Mode()&0o077 != 0 && runtime.GOOS != "windows" {
- return "", "", fmt.Errorf("TLSKeyFile should not be accessible by others")
- }
-
- return certFile.Name(), keyFile.Name(), nil
-}
-
 // FilterOff returns true if the FilterFile is empty.
 func (c *Config) FilterOff() bool {
 return c.FilterFile == ""