tlsutil: fix a panic

UpdateAutoTLSCA would panic if either of the calls errored, because the read lock was being unlocked incorrectly.
2021-06-17 18:59:53 -04:00 · 2021-06-17 18:59:53 -04:00 · c9e53783d0
parent 3717888b30
commit c9e53783d0
2 changed files with 14 additions and 3 deletions
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@ -268,11 +268,9 @@ func (c *Configurator) UpdateAutoTLSCA(connectCAPems []string) error {
 	pool, err := pool(append(c.manual.caPems, append(c.autoTLS.manualCAPems, connectCAPems...)...))
 	if err != nil {
 		c.lock.RUnlock()
 		return err
 	}
 	if err = c.check(*c.base, pool, c.manual.cert); err != nil {
 		c.lock.RUnlock()
 		return err
 	}
 	c.autoTLS.connectCAPems = connectCAPems
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@ -11,9 +11,11 @@ import (
 	"strings"
 	"testing"
-	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/yamux"
 	"github.com/stretchr/testify/require"
 	"github.com/hashicorp/consul/sdk/testutil"
 )
 func startRPCTLSServer(config *Config) (net.Conn, chan error) {
@ -831,6 +833,17 @@ func TestConfigurator_MutualTLSCapable(t *testing.T) {
 	})
 }
 func TestConfigurator_UpdateAutoTLSCA_DoesNotPanic(t *testing.T) {
 	config := Config{
 		Domain: "consul",
 	}
 	c, err := NewConfigurator(config, hclog.New(nil))
 	require.NoError(t, err)
 	err = c.UpdateAutoTLSCA([]string{"invalid pem"})
 	require.Error(t, err)
 }
 func TestConfigurator_VerifyIncomingRPC(t *testing.T) {
 	c := Configurator{base: &Config{
 		VerifyIncomingRPC: true,