Check if SSL is configured to validate input arguments (#5252)

This PR handles following situations

- secure endpoints provided, server should fail to start
  if TLS is not configured

- insecure endpoints provided, server starts ignoring
  if TLS is configured or not.

Fixes #5251
This commit is contained in:
Harshavardhana 2017-12-03 22:47:12 -08:00 committed by Nitish Tiwari
parent 043e030a4a
commit 2755a0b763
2 changed files with 11 additions and 25 deletions

View File

@ -65,18 +65,9 @@ func (endpoint Endpoint) Type() EndpointType {
return URLEndpointType
}
// SetHTTPS - sets secure http for URLEndpointType.
func (endpoint Endpoint) SetHTTPS() {
if endpoint.Host != "" {
endpoint.Scheme = "https"
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoint Endpoint) SetHTTP() {
if endpoint.Host != "" {
endpoint.Scheme = "http"
}
// IsHTTPS - returns true if secure for URLEndpointType.
func (endpoint Endpoint) IsHTTPS() bool {
return endpoint.Scheme == "https"
}
// NewEndpoint - returns new endpoint based on given arguments.
@ -190,18 +181,9 @@ func (endpoints EndpointList) Less(i, j int) bool {
return endpoints[i].String() < endpoints[j].String()
}
// SetHTTPS - sets secure http for URLEndpointType.
func (endpoints EndpointList) SetHTTPS() {
for i := range endpoints {
endpoints[i].SetHTTPS()
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoints EndpointList) SetHTTP() {
for i := range endpoints {
endpoints[i].SetHTTP()
}
// IsHTTPS - returns true if secure for URLEndpointType.
func (endpoints EndpointList) IsHTTPS() bool {
return endpoints[0].IsHTTPS()
}
// NewEndpointList - returns new endpoint list based on input args.

View File

@ -158,6 +158,11 @@ func serverMain(ctx *cli.Context) {
globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig()
fatalIf(err, "Invalid SSL certificate file")
// Is distributed setup, error out if no certificates are found for HTTPS endpoints.
if globalIsDistXL && globalEndpoints.IsHTTPS() && !globalIsSSL {
fatalIf(errInvalidArgument, "No certificates found for HTTPS endpoints (%s)", globalEndpoints)
}
if !quietFlag {
// Check for new updates from dl.minio.io.
mode := globalMinioModeFS
@ -182,7 +187,6 @@ func serverMain(ctx *cli.Context) {
initNSLock(globalIsDistXL)
// Configure server.
// Declare handler to avoid lint errors.
var handler http.Handler
handler, err = configureServerHandler(globalEndpoints)
fatalIf(err, "Unable to configure one of server's RPC services.")