TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 02:54:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Improve and sync checkSSL functions for CockroachDB and PostgreSQL (#6271)

Browse Source 
* Improve and sync checkSSL functions for cockroach and postgres

* Add missing prefer mode

* Fix missing return in postgres checkSSL on disable
This commit is contained in:
Fabian Haenel 2023-08-14 15:51:33 +02:00 committed by GitHub
parent 133789fee9
commit c5c773531c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/database/cockroach/config.go
View File

@ -15,6 +15,9 @@ import (
const (
sslDisabledMode = "disable"
sslRequireMode = "require"
sslAllowMode = "allow"
sslPreferMode = "prefer"
)
type Config struct {
@ -121,6 +124,11 @@ func (c *Config) checkSSL(user User) {
user.SSL = SSL{Mode: sslDisabledMode}
return
}
if user.SSL.Mode == sslRequireMode || user.SSL.Mode == sslAllowMode || user.SSL.Mode == sslPreferMode {
return
}
if user.SSL.RootCert == "" {
logging.WithFields(
"cert set", user.SSL.Cert != "",

16
internal/database/postgres/config.go
View File

@ -13,6 +13,9 @@ import (
const (
sslDisabledMode = "disable"
sslRequireMode = "require"
sslAllowMode = "allow"
sslPreferMode = "prefer"
)
type Config struct {
@ -113,6 +116,19 @@ type SSL struct {
func (s *Config) checkSSL(user User) {
if user.SSL.Mode == sslDisabledMode || user.SSL.Mode == "" {
user.SSL = SSL{Mode: sslDisabledMode}
return
}
if user.SSL.Mode == sslRequireMode || user.SSL.Mode == sslAllowMode || user.SSL.Mode == sslPreferMode {
return
}
if user.SSL.RootCert == "" {
logging.WithFields(
"cert set", user.SSL.Cert != "",
"key set", user.SSL.Key != "",
"rootCert set", user.SSL.RootCert != "",
).Fatal("at least ssl root cert has to be set")
}
}