From 2755a0b763ce4190dba65c63e4ea33db5135563b Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Sun, 3 Dec 2017 22:47:12 -0800
Subject: [PATCH] Check if SSL is configured to validate input arguments (#5252)
This PR handles following situations
- secure endpoints provided, server should fail to start if TLS is not configured
- insecure endpoints provided, server starts ignoring if TLS is configured or not.
Fixes #5251
---
 cmd/endpoint.go | 30 ++++++------------------------
 cmd/server-main.go | 6 +++++-
 2 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/cmd/endpoint.go b/cmd/endpoint.go
index 64313943e..f0a3d678d 100644
--- a/cmd/endpoint.go
+++ b/cmd/endpoint.go
@@ -65,18 +65,9 @@ func (endpoint Endpoint) Type() EndpointType {
 return URLEndpointType
 }
 
-// SetHTTPS - sets secure http for URLEndpointType.
-func (endpoint Endpoint) SetHTTPS() {
- if endpoint.Host != "" {
- endpoint.Scheme = "https"
- }
-}
-
-// SetHTTP - sets insecure http for URLEndpointType.
-func (endpoint Endpoint) SetHTTP() {
- if endpoint.Host != "" {
- endpoint.Scheme = "http"
- }
+// IsHTTPS - returns true if secure for URLEndpointType.
+func (endpoint Endpoint) IsHTTPS() bool {
+ return endpoint.Scheme == "https"
 }
 
 // NewEndpoint - returns new endpoint based on given arguments.
@@ -190,18 +181,9 @@ func (endpoints EndpointList) Less(i, j int) bool {
 return endpoints[i].String() < endpoints[j].String()
 }
 
-// SetHTTPS - sets secure http for URLEndpointType.
-func (endpoints EndpointList) SetHTTPS() {
- for i := range endpoints {
- endpoints[i].SetHTTPS()
- }
-}
-
-// SetHTTP - sets insecure http for URLEndpointType.
-func (endpoints EndpointList) SetHTTP() {
- for i := range endpoints {
- endpoints[i].SetHTTP()
- }
+// IsHTTPS - returns true if secure for URLEndpointType.
+func (endpoints EndpointList) IsHTTPS() bool {
+ return endpoints[0].IsHTTPS()
 }
 
 // NewEndpointList - returns new endpoint list based on input args.
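Review bot: `EndpointList.IsHTTPS` in the `@@ -190,18 +181,9 @@` hunk indexes `endpoints[0]` without a length check and lets the first endpoint answer for the whole list. An empty list panics with an index-out-of-range error, and a list whose first entry is `http` while a later one is `https` reports false, so the certificate check this commit adds to serverMain would not fire for it. Whether NewEndpointList already rejects empty or mixed-scheme lists is not visible in this patch; if it does, state that in the doc comment, e.g. `// IsHTTPS - reports whether the list uses https; relies on NewEndpointList enforcing a single scheme.`, and otherwise add `if len(endpoints) == 0 { return false }` before the index.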
diff --git a/cmd/server-main.go b/cmd/server-main.go
index 1441b88b8..c6778c7f6 100644
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@@ -158,6 +158,11 @@ func serverMain(ctx *cli.Context) {
 globalPublicCerts, globalRootCAs, globalTLSCertificate, globalIsSSL, err = getSSLConfig()
 fatalIf(err, "Invalid SSL certificate file")
 
+ // Is distributed setup, error out if no certificates are found for HTTPS endpoints.
+ if globalIsDistXL && globalEndpoints.IsHTTPS() && !globalIsSSL {
+ fatalIf(errInvalidArgument, "No certificates found for HTTPS endpoints (%s)", globalEndpoints)
+ }
+
 if !quietFlag {
 // Check for new updates from dl.minio.io.
 mode := globalMinioModeFS
@@ -182,7 +187,6 @@ func serverMain(ctx *cli.Context) {
 initNSLock(globalIsDistXL)
 
 // Configure server.
- // Declare handler to avoid lint errors.
 var handler http.Handler
 handler, err = configureServerHandler(globalEndpoints)
 fatalIf(err, "Unable to configure one of server's RPC services.")
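Review bot: The new guard in the `@@ -158,6 +158,11 @@` hunk only runs when `globalIsDistXL` is true, while the commit description states the rule for any secure endpoints. `Endpoint.IsHTTPS()` compares `Scheme` with "https", so path-style endpoints presumably report false already; if https URL endpoints can reach serverMain in a non-distributed setup (not visible here), the server would start without TLS although HTTPS was requested. Consider `if globalEndpoints.IsHTTPS() && !globalIsSSL {`, provided the list is never empty at this point, or keep the term and extend the comment to say why single-node setups are exempt. serverMain's body starts and ends outside the hunk.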