Make -client-cert and -client-key work when the server doesn't know (#3568)

about the CA used to sign the cert.

Stop swallowing an error in meta.

Fixes #2946
Jeff Mitchell
2017-11-10 18:16:50 -05:00
committed by GitHub
parent 8171eedc25
commit 75d88abbb6
2 changed files with 9 additions and 2 deletions


@@ -177,7 +177,12 @@ func (c *Config) ConfigureTLS(t *TLSConfig) error {
} }
if foundClientCert { if foundClientCert {
clientTLSConfig.Certificates = []tls.Certificate{clientCert} // We use this function to ignore the server's preferential list of
// CAs, otherwise any CA used for the cert auth backend must be in the
// server's CA pool
clientTLSConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
return &clientCert, nil
}
} }
if t.TLSServerName != "" { if t.TLSServerName != "" {
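Review bot: The new comment on `GetClientCertificate` says why the callback is used but not what it gives up: by ignoring the `*tls.CertificateRequestInfo` argument, the client now presents `clientCert` to every server that requests a certificate, including ones whose advertised CA list does not cover it. That is the intent of the change, but it leaves server verification on this connection as the only thing limiting who receives the certificate, which matters if the same config is used with verification turned off (presumably what the `Insecure` field set by the caller controls). I would extend the comment with a line such as `// Note: the cert is sent to any server that asks for one; server verification is the only gate.` ConfigureTLS begins and continues outside this hunk.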


@@ -95,7 +95,9 @@ func (m *Meta) Client() (*api.Client, error) {
TLSServerName: "", TLSServerName: "",
Insecure: m.flagInsecure, Insecure: m.flagInsecure,
} }
config.ConfigureTLS(t) if err := config.ConfigureTLS(t); err != nil {
return nil, err
}
} }
// Build the client // Build the client