fix(api): refactor TLS support (#1909)

* refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement
2025-07-24 15:59:41 +02:00 · 2018-05-19 16:25:11 +02:00 · 2018-05-19 16:25:11 +02:00 · 63d338c4da
commit 63d338c4da
parent 5d3f438288
15 changed files with 163 additions and 108 deletions
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@ -4,11 +4,11 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"
-
-	"github.com/portainer/portainer"
 )

-func CreateTLSConfig(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {
+// CreateTLSConfigurationFromBytes initializes a tls.Config using a CA certificate, a certificate and a key
+// loaded from memory.
+func CreateTLSConfigurationFromBytes(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {
 	config := &tls.Config{}
 	config.InsecureSkipVerify = skipServerVerification

@ -29,32 +29,31 @@ func CreateTLSConfig(caCert, cert, key []byte, skipClientVerification, skipServe
 	return config, nil
 }

-// CreateTLSConfiguration initializes a tls.Config using a CA certificate, a certificate and a key
-func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) {
-	TLSConfig := &tls.Config{}
+// CreateTLSConfigurationFromDisk initializes a tls.Config using a CA certificate, a certificate and a key
+// loaded from disk.
+func CreateTLSConfigurationFromDisk(caCertPath, certPath, keyPath string, skipServerVerification bool) (*tls.Config, error) {
+	config := &tls.Config{}
+	config.InsecureSkipVerify = skipServerVerification

-	if config.TLS && config.TLSCertPath != "" && config.TLSKeyPath != "" {
-		cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath)
+	if certPath != "" && keyPath != "" {
+		cert, err := tls.LoadX509KeyPair(certPath, keyPath)
 		if err != nil {
 			return nil, err
 		}

-		TLSConfig.Certificates = []tls.Certificate{cert}
+		config.Certificates = []tls.Certificate{cert}
 	}

-	if config.TLS && !config.TLSSkipVerify {
-		caCert, err := ioutil.ReadFile(config.TLSCACertPath)
+	if !skipServerVerification && caCertPath != "" {
+		caCert, err := ioutil.ReadFile(caCertPath)
 		if err != nil {
 			return nil, err
 		}

 		caCertPool := x509.NewCertPool()
 		caCertPool.AppendCertsFromPEM(caCert)
-
-		TLSConfig.RootCAs = caCertPool
+		config.RootCAs = caCertPool
 	}

-	TLSConfig.InsecureSkipVerify = config.TLSSkipVerify
-
-	return TLSConfig, nil
+	return config, nil
 }