From 3fb668474dfb711ae36d8239e3a924c91a79dc0f Mon Sep 17 00:00:00 2001 From: Anthony Lapenna Date: Thu, 21 Sep 2017 17:19:43 +0200 Subject: [PATCH] fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS --- api/crypto/tls.go | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/api/crypto/tls.go b/api/crypto/tls.go index 3d22091d8..976e1a075 100644 --- a/api/crypto/tls.go +++ b/api/crypto/tls.go @@ -12,30 +12,28 @@ import ( func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) { TLSConfig := &tls.Config{} - if config.TLS { - if config.TLSCertPath != "" && config.TLSKeyPath != "" { - cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath) - if err != nil { - return nil, err - } - - TLSConfig.Certificates = []tls.Certificate{cert} + if config.TLSCertPath != "" && config.TLSKeyPath != "" { + cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath) + if err != nil { + return nil, err } - if !config.TLSSkipVerify { - caCert, err := ioutil.ReadFile(config.TLSCACertPath) - if err != nil { - return nil, err - } - - caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM(caCert) - - TLSConfig.RootCAs = caCertPool - } - - TLSConfig.InsecureSkipVerify = config.TLSSkipVerify + TLSConfig.Certificates = []tls.Certificate{cert} } + if !config.TLSSkipVerify { + caCert, err := ioutil.ReadFile(config.TLSCACertPath) + if err != nil { + return nil, err + } + + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(caCert) + + TLSConfig.RootCAs = caCertPool + } + + TLSConfig.InsecureSkipVerify = config.TLSSkipVerify + return TLSConfig, nil }