Commit 00288e68 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Defend better against malformed ssl_proxy_ca_crt

ssl_proxy_ca_crt can be just empty value, and that's not acceptable.
parent c33d973f
...@@ -26,7 +26,7 @@ md5sum = 0851faa528eb4f21330a6f23f77dea7f ...@@ -26,7 +26,7 @@ md5sum = 0851faa528eb4f21330a6f23f77dea7f
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = a544bf7586f5945bbf108abe9818c7dd md5sum = 6d7113ebf0c46b0e4c72c128ebb647db
[template-slave-list] [template-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
......
...@@ -141,8 +141,8 @@ context = ...@@ -141,8 +141,8 @@ context =
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %} {% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt') %} {% if 'ssl_proxy_ca_crt' in slave %}
{% if ssl_proxy_ca_crt %} {% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %}
{% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %} {% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(ssl_proxy_ca_crt) %} {% do check_popen.communicate(ssl_proxy_ca_crt) %}
{% if check_popen.returncode != 0 %} {% if check_popen.returncode != 0 %}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment