mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[BUGFIX] Fix incorrect docs and Certificate PEM extensions (#1589)
* add .crt to the PEM extensions scanned for * fix documentation on the extensions allowed * add trace logging to the loading process to help debug in the future
This commit is contained in:
parent
525e08037c
commit
712288555c
|
@ -44,7 +44,7 @@ tls_cert: /config/ssl/cert.pem
|
|||
|
||||
This option defines the location of additional certificates to load into the trust chain specifically for Authelia.
|
||||
This currently affects both the SMTP notifier and the LDAP authentication backend. The certificates should all be in the
|
||||
PEM format and end with the extension `.pem` or `.crt`. You can either add the individual certificates public key
|
||||
PEM format and end with the extension `.pem`, `.crt`, or `.cer`. You can either add the individual certificates public key
|
||||
or the CA public key which signed them (don't add the private key).
|
||||
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/authelia/authelia/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/internal/logging"
|
||||
)
|
||||
|
||||
// NewTLSConfig generates a tls.Config from a schema.TLSConfig and a x509.CertPool.
|
||||
|
@ -35,6 +36,10 @@ func NewX509CertPool(directory string, config *schema.Configuration) (certPool *
|
|||
certPool = x509.NewCertPool()
|
||||
}
|
||||
|
||||
logger := logging.Logger()
|
||||
|
||||
logger.Tracef("Starting scan of directory %s for certificates", directory)
|
||||
|
||||
if directory != "" {
|
||||
certsFileInfo, err := ioutil.ReadDir(directory)
|
||||
if err != nil {
|
||||
|
@ -43,8 +48,12 @@ func NewX509CertPool(directory string, config *schema.Configuration) (certPool *
|
|||
for _, certFileInfo := range certsFileInfo {
|
||||
nameLower := strings.ToLower(certFileInfo.Name())
|
||||
|
||||
if !certFileInfo.IsDir() && (strings.HasSuffix(nameLower, ".cer") || strings.HasSuffix(nameLower, ".pem")) {
|
||||
certBytes, err := ioutil.ReadFile(path.Join(directory, certFileInfo.Name()))
|
||||
if !certFileInfo.IsDir() && (strings.HasSuffix(nameLower, ".cer") || strings.HasSuffix(nameLower, ".crt") || strings.HasSuffix(nameLower, ".pem")) {
|
||||
certPath := path.Join(directory, certFileInfo.Name())
|
||||
|
||||
logger.Tracef("Found possible cert %s, attempting to add it to the pool", certPath)
|
||||
|
||||
certBytes, err := ioutil.ReadFile(certPath)
|
||||
if err != nil {
|
||||
errors = append(errors, fmt.Errorf("could not read certificate %v", err))
|
||||
} else if ok := certPool.AppendCertsFromPEM(certBytes); !ok {
|
||||
|
@ -55,6 +64,8 @@ func NewX509CertPool(directory string, config *schema.Configuration) (certPool *
|
|||
}
|
||||
}
|
||||
|
||||
logger.Tracef("Finished scan of directory %s for certificates", directory)
|
||||
|
||||
// Deprecated. Maps deprecated values to the new ones. TODO: Remove in 4.28.
|
||||
if config != nil && config.Notifier != nil && config.Notifier.SMTP != nil && config.Notifier.SMTP.TrustedCert != "" {
|
||||
nonFatalErrors = append(nonFatalErrors, fmt.Errorf("defining the trusted cert in the SMTP notifier is deprecated and will be removed in 4.28.0, please use the global certificates_directory instead"))
|
||||
|
|
Loading…
Reference in New Issue
Block a user