Fail the connection if only one of cert.pem and key.pem exists.

c19b356e · Juliusz Chroboczek · b1babf5b · c19b356e
Commit c19b356e authored Feb 24, 2021 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

webserver/certificate.go webserver/certificate.go +6 -1

No files found.
--- a/webserver/certificate.go
+++ b/webserver/certificate.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"log"
 	"math/big"
 	"os"
@@ -73,7 +74,11 @@ func getCertificate(dataDir string) (*tls.Certificate, error) {

 	if !ok || !info.certTime.Equal(certTime) || !info.keyTime.Equal(keyTime) {
 		var cert tls.Certificate
-		if certTime.Equal(time.Time{}) || keyTime.Equal(time.Time{}) {
+		nocert := certTime.Equal(time.Time{})
+		nokey := keyTime.Equal(time.Time{})
+		if nocert != nokey {
+			return nil, errors.New("only one of cert.pem and key.pem exists")
+		} else if nokey {
 			log.Printf("Generating self-signed certificate")
 			var err error
 			cert, err = generateCertificate(dataDir)