config/tls: Fix tls_client parsing
Process a tls_client's child config nodes instead of itself, thus
avoiding unbounded recursion and a stack overflow while parsing a
configuration file.

Also fix the logic so that a client keypair is loaded only when both a
certificate and a key are specified.
AluisioASG authored and foxcpp committed Mar 27, 2021
1 parent 08401f8 commit d8cabb9
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions framework/config/tls/client.go
@@ -51,7 +51,7 @@ func TLSClientBlock(m *config.Map, node config.Node) (interface{}, error) {
return nil, nil
}, TLSCurvesDirective, &cfg.CurvePreferences)

if _, err := m.Process(); err != nil {
if _, err := childM.Process(); err != nil {
return nil, err
}

@@ -69,7 +69,7 @@ func TLSClientBlock(m *config.Map, node config.Node) (interface{}, error) {
cfg.RootCAs = pool
}

if certPath != "" || keyPath == "" {
if certPath != "" && keyPath != "" {
keypair, err := tls.LoadX509KeyPair(certPath, keyPath)
if err != nil {
return nil, err
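Review bot: A half-specified client keypair is still accepted silently at the `if certPath != "" && keyPath != ""` check in the second hunk. When only one of the two paths is set the load is skipped and the resulting TLS config carries no client certificate, so a deployment that expects mutual TLS would connect without one and no configuration error is reported. Unless the directive handler earlier in TLSClientBlock already rejects that case (it is outside the hunk), add a guard before the load, e.g. `if (certPath == "") != (keyPath == "") {`, that returns a configuration error for the node. The `return nil, err` after `tls.LoadX509KeyPair` would also be easier to diagnose if it wrapped the error with the two paths. TLSClientBlock starts and ends outside both hunks.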