diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index 11e63d75e..dd70e739b 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -62,6 +62,9 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request } func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { + if req.Connection == nil || req.Connection.ConnState == nil { + return nil, fmt.Errorf("tls connection not found") + } clientCerts := req.Connection.ConnState.PeerCertificates if len(clientCerts) == 0 { return nil, fmt.Errorf("no client certificate found") diff --git a/changelog/17904.txt b/changelog/17904.txt new file mode 100644 index 000000000..aa654046b --- /dev/null +++ b/changelog/17904.txt @@ -0,0 +1,3 @@ +```release-note:bug +credential/cert: adds error message if no tls connection is found during the AliasLookahead operation +``` \ No newline at end of file