TLS config: if only given ssl_ca, create tls config anyways
fixes #890
sparrc committed Mar 18, 2016
1 parent f2394b5 commit 061b749
Showing 2 changed files with 20 additions and 18 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -9,6 +9,7 @@
- [#849](https://github.com/influxdata/telegraf/issues/849): Adding ability to parse single values as an input data type.

### Bugfixes
[#890](https://github.com/influxdata/telegraf/issues/890): Create TLS config even if only ssl_ca is provided.

## v0.11.1 [2016-03-17]

37 changes: 19 additions & 18 deletions internal/internal.go
@@ -86,15 +86,15 @@ func GetTLSConfig(
SSLCert, SSLKey, SSLCA string,
InsecureSkipVerify bool,
) (*tls.Config, error) {
t := &tls.Config{}
if SSLCert != "" && SSLKey != "" && SSLCA != "" {
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
if err != nil {
return nil, errors.New(fmt.Sprintf(
"Could not load TLS client key/certificate: %s",
err))
}
if SSLCert == "" && SSLKey == "" && SSLCA == "" && !InsecureSkipVerify {
return nil, nil
}

t := &tls.Config{
InsecureSkipVerify: InsecureSkipVerify,
}

if SSLCA != "" {
caCert, err := ioutil.ReadFile(SSLCA)
if err != nil {
return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
@@ -103,20 +103,21 @@ func GetTLSConfig(

caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
t.RootCAs = caCertPool
}

t = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
InsecureSkipVerify: InsecureSkipVerify,
if SSLCert != "" && SSLKey != "" {
cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
if err != nil {
return nil, errors.New(fmt.Sprintf(
"Could not load TLS client key/certificate: %s",
err))
}

t.Certificates = []tls.Certificate{cert}
t.BuildNameToCertificate()
} else {
if InsecureSkipVerify {
t.InsecureSkipVerify = true
} else {
return nil, nil
}
}

// will be nil by default if nothing is provided
return t, nil
}
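Review bot: The new `if SSLCert != "" && SSLKey != ""` branch silently skips the client certificate when only one of the two paths is set, so a half-configured mutual-TLS client connects without presenting a certificate instead of failing at startup; rejecting that case up front would surface the mistake, e.g. `if (SSLCert == "") != (SSLKey == "") { return nil, errors.New("SSLCert and SSLKey must be set together") }`. Now that a CA-only configuration reaches `caCertPool.AppendCertsFromPEM(caCert)`, its boolean result should be checked as well: a file with no parsable PEM certificate leaves `t.RootCAs` as an empty pool, and handshakes then fail verification with an error that does not point at the CA file. When `InsecureSkipVerify` is true the loaded CA has no effect on verification, which deserves a short comment on the `t := &tls.Config{` literal. The lines of GetTLSConfig between the two hunks are not shown on this page, so this is based on the visible parts only.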
