diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d21879133dba..1e2a4856f4130 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 - [#849](https://github.com/influxdata/telegraf/issues/849): Adding ability to parse single values as an input data type.
 ### Bugfixes
+[#890](https://github.com/influxdata/telegraf/issues/890): Create TLS config even if only ssl_ca is provided.
 ## v0.11.1 [2016-03-17]
diff --git a/internal/internal.go b/internal/internal.go
index 9c3696c3d382b..8a427909e179f 100644
--- a/internal/internal.go
+++ b/internal/internal.go
@@ -86,15 +86,15 @@ func GetTLSConfig(
 SSLCert, SSLKey, SSLCA string,
 InsecureSkipVerify bool,
 ) (*tls.Config, error) {
- t := &tls.Config{}
- if SSLCert != "" && SSLKey != "" && SSLCA != "" {
- cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
- if err != nil {
- return nil, errors.New(fmt.Sprintf(
- "Could not load TLS client key/certificate: %s",
- err))
- }
+ if SSLCert == "" && SSLKey == "" && SSLCA == "" && !InsecureSkipVerify {
+ return nil, nil
+ }
+
+ t := &tls.Config{
+ InsecureSkipVerify: InsecureSkipVerify,
+ }
+ if SSLCA != "" {
 caCert, err := ioutil.ReadFile(SSLCA)
 if err != nil {
 return nil, errors.New(fmt.Sprintf("Could not load TLS CA: %s",
@@ -103,20 +103,21 @@ func GetTLSConfig(
 caCertPool := x509.NewCertPool()
 caCertPool.AppendCertsFromPEM(caCert)
+ t.RootCAs = caCertPool
+ }
- t = &tls.Config{
- Certificates: []tls.Certificate{cert},
- RootCAs: caCertPool,
- InsecureSkipVerify: InsecureSkipVerify,
+ if SSLCert != "" && SSLKey != "" {
+ cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey)
+ if err != nil {
+ return nil, errors.New(fmt.Sprintf(
+ "Could not load TLS client key/certificate: %s",
+ err))
 }
+
+ t.Certificates = []tls.Certificate{cert}
 t.BuildNameToCertificate()
- } else {
- if InsecureSkipVerify {
- t.InsecureSkipVerify = true
- } else {
- return nil, nil
- }
 }
+ // will be nil by default if nothing is provided
 return t, nil
 }
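Review bot: When SSLCA is supplied together with InsecureSkipVerify, the struct literal line `InsecureSkipVerify: InsecureSkipVerify,` turns off chain and hostname verification, so the pool loaded in the `if SSLCA != "" {` branch is never consulted. Nothing in the first internal.go hunk says so, and a leftover skip-verify setting would quietly cancel the CA-only configuration this change appears meant to support. A comment on the field would make that explicit, for example `// When true the peer certificate is not verified and RootCAs is unused.`. The doc comment above GetTLSConfig, which lies outside the hunk, could also state that a `nil, nil` return means no TLS settings were given, so callers know to nil-check. The function body continues past the end of this hunk.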
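Review bot: A configuration that sets only one of SSLCert and SSLKey falls through `if SSLCert != "" && SSLKey != "" {` in the second internal.go hunk and returns a config with no client certificate and no error, so a half-configured mutual-TLS setup goes unnoticed until the server rejects the connection. Rejecting the mismatch before loading the key pair keeps the mistake visible at startup. In the same hunk the boolean result of `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a CA file with no parsable PEM block yields an empty `RootCAs` pool and the problem only surfaces later as a verification failure at handshake time. The trailing comment `// will be nil by default if nothing is provided` no longer describes `t`, which is always non-nil at that return. The function starts outside this hunk.

```go
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf(
			"Could not parse any certificate from TLS CA: %s", SSLCA)
	}
	t.RootCAs = caCertPool
	// … unchanged: closing brace of the SSLCA branch …

	if (SSLCert == "") != (SSLKey == "") {
		return nil, errors.New(
			"TLS client certificate and key must be provided together")
	}
	// … unchanged: key pair loading, BuildNameToCertificate, return …
```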