From 749f81373f69e9651582d496a9278564caed7f1f Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 8 May 2018 21:30:18 -0700 Subject: [PATCH] agent/consul: check nil on getCAProvider result --- agent/consul/connect_ca_endpoint.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index 136cbcb49..619418bab 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go @@ -157,6 +157,9 @@ func (s *ConnectCA) ConfigurationSet( // Have the old provider cross-sign the new intermediate oldProvider := s.srv.getCAProvider() + if oldProvider == nil { + return fmt.Errorf("internal error: CA provider is nil") + } xcCert, err := oldProvider.CrossSignCA(intermediateCA) if err != nil { return err @@ -283,6 +286,9 @@ func (s *ConnectCA) Sign( } provider := s.srv.getCAProvider() + if provider == nil { + return fmt.Errorf("internal error: CA provider is nil") + } // todo(kyhavlov): more validation on the CSR before signing pem, err := provider.Sign(csr)