Rename client backend tls config attr to just 'tls'

For uniformity with the serverutil package. Also, make error checking on client TLS setup a bit stricter.

Rename client backend tls config attr to just 'tls'
232cb4db · ale · 39b1908a · 232cb4db · 232cb4db · 232cb4db
Commit 232cb4db authored 6 years ago by ale
--- a/clientutil/backend.go
+++ b/clientutil/backend.go
@@ -13,7 +13,7 @@ import (
 // 'shard' parameter on their APIs.
 type BackendConfig struct {
 	URL       string           `yaml:"url"`
-	TLSConfig *TLSClientConfig `yaml:"tls_config"`
+	TLSConfig *TLSClientConfig `yaml:"tls"`
 	Sharded   bool             `yaml:"sharded"`
 	Debug     bool             `yaml:"debug"`
 }

--- a/clientutil/tls.go
+++ b/clientutil/tls.go
@@ -2,6 +2,7 @@ package clientutil
 import (
 	"crypto/tls"
+	"errors"
 	common "git.autistici.org/ai3/go-common"
 )
@@ -16,6 +17,10 @@ type TLSClientConfig struct {
 // TLSConfig returns a tls.Config object with the current configuration.
 func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
+	if c.Cert == "" || c.Key == "" || c.CA == "" {
+		return nil, errors.New("incomplete client tls specification")
+	}
 	cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
 	if err != nil {
 		return nil, err
@@ -24,13 +29,11 @@ func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
 		Certificates: []tls.Certificate{cert},
 	}
-	if c.CA != "" {
 	cas, err := common.LoadCA(c.CA)
 	if err != nil {
 		return nil, err
 	}
 	tlsConf.RootCAs = cas
-	}
 	tlsConf.BuildNameToCertificate()
 	return tlsConf, nil

--- a/misc.go
+++ b/misc.go
@@ -2,6 +2,7 @@ package common
 import (
 	"crypto/x509"
+	"fmt"
 	"io/ioutil"
 )
@@ -12,6 +13,8 @@ func LoadCA(path string) (*x509.CertPool, error) {
 		return nil, err
 	}
 	cas := x509.NewCertPool()
-	cas.AppendCertsFromPEM(data)
+	if !cas.AppendCertsFromPEM(data) {
+		return nil, fmt.Errorf("no certificates could be parsed in %s", path)
+	}
 	return cas, nil
 }