Adding validation for certificates to be proper x509 PEM encoded (#3016)

Gobin Sougrakpam 2017-07-18 00:49:50 +10:00 committed by Jeff Mitchell
parent ce1808f77d
commit 048f2c3ca4
1 changed files with 10 additions and 0 deletions


@ -3,6 +3,7 @@ package ldap
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"net"
"net/url"
@ -225,6 +226,15 @@ func (b *backend) newConfigEntry(d *framework.FieldData) (*ConfigEntry, error) {
}
certificate := d.Get("certificate").(string)
if certificate != "" {
block, _ := pem.Decode([]byte(certificate))
if block == nil || block.Type != "CERTIFICATE" {
return nil, fmt.Errorf("failed to decode PEM block in the certificate")
}
_, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, fmt.Errorf("failed to parse certificate %s", err.Error())
}
cfg.Certificate = certificate
}
insecureTLS := d.Get("insecure_tls").(bool)
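Review bot: Only the first PEM block of `certificate` is validated, because the added `block, _ := pem.Decode([]byte(certificate))` discards the remainder, yet the whole string is then stored in `cfg.Certificate`. If the code that consumes that field (outside this hunk) loads every block, as with a CA bundle, later blocks that are malformed or are not certificates pass this check unexamined. Looping over the remainder until `pem.Decode` returns nil, and requiring at least one block, would validate exactly what is stored. newConfigEntry begins and ends outside the hunk, so how the error is surfaced to the caller is not visible here.

```go
if certificate != "" {
	rest := []byte(certificate)
	found := false
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("failed to decode PEM block in the certificate")
		}
		if _, err := x509.ParseCertificate(block.Bytes); err != nil {
			return nil, fmt.Errorf("failed to parse certificate %s", err.Error())
		}
		found = true
	}
	if !found {
		return nil, fmt.Errorf("failed to decode PEM block in the certificate")
	}
	// … unchanged: cfg.Certificate = certificate …
}
```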