MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-05 20:30:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

Check if SSL is configured to validate input arguments (#5252)

Browse Source 
This PR handles following situations

- secure endpoints provided, server should fail to start
  if TLS is not configured

- insecure endpoints provided, server starts ignoring
  if TLS is configured or not.

Fixes #5251
This commit is contained in:
Harshavardhana 2017-12-03 22:47:12 -08:00 committed by Nitish Tiwari
parent 043e030a4a
commit 2755a0b763
2 changed files with 11 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
cmd/endpoint.go
View File

@ -65,18 +65,9 @@ func (endpoint Endpoint) Type() EndpointType {
return URLEndpointType return URLEndpointType
} }
// SetHTTPS - sets secure http for URLEndpointType. // IsHTTPS - returns true if secure for URLEndpointType.
func (endpoint Endpoint) SetHTTPS() { func (endpoint Endpoint) IsHTTPS() bool {
if endpoint.Host != "" { return endpoint.Scheme == "https"
endpoint.Scheme = "https"
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoint Endpoint) SetHTTP() {
if endpoint.Host != "" {
endpoint.Scheme = "http"
}
} }
// NewEndpoint - returns new endpoint based on given arguments. // NewEndpoint - returns new endpoint based on given arguments.
@ -190,18 +181,9 @@ func (endpoints EndpointList) Less(i, j int) bool {
return endpoints[i].String() < endpoints[j].String() return endpoints[i].String() < endpoints[j].String()
} }
// SetHTTPS - sets secure http for URLEndpointType. // IsHTTPS - returns true if secure for URLEndpointType.
func (endpoints EndpointList) SetHTTPS() { func (endpoints EndpointList) IsHTTPS() bool {
for i := range endpoints { return endpoints[0].IsHTTPS()
endpoints[i].SetHTTPS()
}
}
// SetHTTP - sets insecure http for URLEndpointType.
func (endpoints EndpointList) SetHTTP() {
for i := range endpoints {
endpoints[i].SetHTTP()
}
} }
// NewEndpointList - returns new endpoint list based on input args. // NewEndpointList - returns new endpoint list based on input args.

6
cmd/server-main.go
View File

@ -158,6 +158,11 @@ func serverMain(ctx *cli.Context) {
globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig() globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig()
fatalIf(err, "Invalid SSL certificate file") fatalIf(err, "Invalid SSL certificate file")
// Is distributed setup, error out if no certificates are found for HTTPS endpoints.
if globalIsDistXL && globalEndpoints.IsHTTPS() && !globalIsSSL {
fatalIf(errInvalidArgument, "No certificates found for HTTPS endpoints (%s)", globalEndpoints)
}
if !quietFlag { if !quietFlag {
// Check for new updates from dl.minio.io. // Check for new updates from dl.minio.io.
mode := globalMinioModeFS mode := globalMinioModeFS
@ -182,7 +187,6 @@ func serverMain(ctx *cli.Context) {
initNSLock(globalIsDistXL) initNSLock(globalIsDistXL)
// Configure server. // Configure server.
// Declare handler to avoid lint errors.
var handler http.Handler var handler http.Handler
handler, err = configureServerHandler(globalEndpoints) handler, err = configureServerHandler(globalEndpoints)
fatalIf(err, "Unable to configure one of server's RPC services.") fatalIf(err, "Unable to configure one of server's RPC services.")