SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Load client certs early to detect misconfiguration

Browse source 
* Move loading of client certificate into the TLS handling code
   to an earlier position.
This commit is contained in:
Sascha L. Teichmann 2022-07-26 18:00:07 +02:00 committed by GitHub
parent be15d43dd3
commit 1241429d19
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cmd/csaf_checker/processor.go
View file

@ -359,12 +359,8 @@ func (p *processor) httpClient() util.Client {
tlsConfig.InsecureSkipVerify = true
}
if p.opts.ClientCert != nil && p.opts.ClientKey != nil {
cert, err := tls.LoadX509KeyPair(*p.opts.ClientCert, *p.opts.ClientKey)
if err != nil {
log.Fatal(err)
}
tlsConfig.Certificates = []tls.Certificate{cert}
if len(p.opts.clientCerts) != 0 {
tlsConfig.Certificates = p.opts.clientCerts
}
hClient.Transport = &http.Transport{