Skip to content

Commit

Permalink
Revert "Cherry-pick elastic#12355 to 7.1: Enforce presence of Certifi…
Browse files Browse the repository at this point in the history
…cate Authorities, Certificate file and Key when using LoadTLSServerConfig (elastic#12364)" (elastic#12398)

This reverts commit 6d567ae.
  • Loading branch information
ph authored Jun 4, 2019
1 parent 612bab4 commit 66a38ca
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 65 deletions.
1 change: 0 additions & 1 deletion CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,6 @@ https://github.com/elastic/beats/compare/v7.1.1...7.1[Check the HEAD diff]
- Fix memory leak in Filebeat pipeline acker. {pull}12063[12063]
- Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164]
- Require client_auth by default when ssl is enabled for tcp input {pull}12333[12333]
- Require certificate authorities, certificate file, and key when SSL is enabled for the TCP input. {pull}12355[12355]

*Heartbeat*

Expand Down
7 changes: 0 additions & 7 deletions libbeat/common/transport/tlscommon/server_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ package tlscommon

import (
"crypto/tls"
"errors"

"github.com/joeshaw/multierror"

Expand Down Expand Up @@ -92,7 +91,6 @@ func LoadTLSServerConfig(config *ServerConfig) (*TLSConfig, error) {
}, nil
}

// Unpack unpacks the TLS Server configuration.
func (c *ServerConfig) Unpack(cfg common.Config) error {
clientAuthKey := "client_authentication"
if !cfg.HasField(clientAuthKey) {
Expand All @@ -103,11 +101,6 @@ func (c *ServerConfig) Unpack(cfg common.Config) error {
if err := cfg.Unpack(&sCfg); err != nil {
return err
}

if sCfg.VerificationMode != VerifyNone && len(sCfg.CAs) == 0 {
return errors.New("certificate_authorities not configured")
}

*c = ServerConfig(sCfg)
return nil
}
Expand Down
61 changes: 4 additions & 57 deletions libbeat/common/transport/tlscommon/tls_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -167,15 +167,9 @@ func TestApplyWithConfig(t *testing.T) {
}

func TestServerConfigDefaults(t *testing.T) {
yamlStr := `
certificate: ca_test.pem
key: ca_test.key
certificate_authorities: [ca_test.pem]
`
var c ServerConfig
config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
require.NoError(t, err)
err = config.Unpack(&c)
config := common.MustNewConfigFrom([]byte(``))
err := config.Unpack(&c)
require.NoError(t, err)
tmp, err := LoadTLSServerConfig(&c)
require.NoError(t, err)
Expand All @@ -184,8 +178,8 @@ func TestServerConfigDefaults(t *testing.T) {

assert.NotNil(t, cfg)
// values not set by default
assert.Len(t, cfg.Certificates, 1)
assert.NotNil(t, cfg.ClientCAs)
assert.Len(t, cfg.Certificates, 0)
assert.Nil(t, cfg.ClientCAs)
assert.Len(t, cfg.CipherSuites, 0)
assert.Len(t, cfg.CurvePreferences, 0)
// values set by default
Expand All @@ -195,53 +189,6 @@ func TestServerConfigDefaults(t *testing.T) {
assert.Equal(t, tls.RequireAndVerifyClientCert, cfg.ClientAuth)
}

func TestServerConfigSkipCACertificateAndKeyWhenVerifyNone(t *testing.T) {
yamlStr := `
verification_mode: none
`
var c ServerConfig
config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
require.NoError(t, err)
err = config.Unpack(&c)
require.NoError(t, err)
}

func TestServerConfigEnsureCA(t *testing.T) {
yamlStr := `
certificate: ca_test.pem
key: ca_test.key
`
var c ServerConfig
config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
require.NoError(t, err)
err = config.Unpack(&c)
require.Error(t, err)
}

func TestServerConfigCertificateKey(t *testing.T) {
yamlStr := `
certificate: ca_test.pem
certificate_authorities: [ca_test.pem]
`
var c ServerConfig
config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
require.NoError(t, err)
err = config.Unpack(&c)
require.Error(t, err)
}

func TestServerConfigCertificate(t *testing.T) {
yamlStr := `
key: ca_test.key
certificate_authorities: [ca_test.pem]
`
var c ServerConfig
config, err := common.NewConfigWithYAML([]byte(yamlStr), "")
require.NoError(t, err)
err = config.Unpack(&c)
require.Error(t, err)
}

func TestApplyWithServerConfig(t *testing.T) {
yamlStr := `
certificate: ca_test.pem
Expand Down

0 comments on commit 66a38ca

Please sign in to comment.