From 232cb4db4b1a9c57075dcdab7f2d8dfdf7590ce5 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Tue, 28 Aug 2018 07:59:35 +0100
Subject: [PATCH] Rename client backend tls config attr to just 'tls'

For uniformity with the serverutil package. Also, make error checking
on client TLS setup a bit stricter.
---
 clientutil/backend.go |  2 +-
 clientutil/tls.go     | 15 +++++++++------
 misc.go               |  5 ++++-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/clientutil/backend.go b/clientutil/backend.go
index 6580d0e..9e08fa0 100644
--- a/clientutil/backend.go
+++ b/clientutil/backend.go
@@ -13,7 +13,7 @@ import (
 // 'shard' parameter on their APIs.
 type BackendConfig struct {
 	URL       string           `yaml:"url"`
-	TLSConfig *TLSClientConfig `yaml:"tls_config"`
+	TLSConfig *TLSClientConfig `yaml:"tls"`
 	Sharded   bool             `yaml:"sharded"`
 	Debug     bool             `yaml:"debug"`
 }
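Review bot: Changing the tag on `TLSConfig` from `tls_config` to `tls` means configuration files that still use the old key no longer populate this field. Unless the YAML decoder rejects unknown keys (not visible here), `tls_config:` is silently ignored and `TLSConfig` stays nil. What callers do with a nil `TLSConfig` is outside this hunk, but if they fall back to a connection without client TLS, the rename becomes a silent downgrade for un-migrated deployments. Consider failing on unknown keys at load time, and record the rename next to the field, e.g. `// TLSConfig is read from the 'tls' key (formerly 'tls_config').`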
diff --git a/clientutil/tls.go b/clientutil/tls.go
index 6eb0749..7974525 100644
--- a/clientutil/tls.go
+++ b/clientutil/tls.go
@@ -2,6 +2,7 @@ package clientutil
 
 import (
 	"crypto/tls"
+	"errors"
 
 	common "git.autistici.org/ai3/go-common"
 )
@@ -16,6 +17,10 @@ type TLSClientConfig struct {
 
 // TLSConfig returns a tls.Config object with the current configuration.
 func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
+	if c.Cert == "" || c.Key == "" || c.CA == "" {
+		return nil, errors.New("incomplete client tls specification")
+	}
+
 	cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
 	if err != nil {
 		return nil, err
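Review bot: The guard added at the top of `TLSConfig` makes `Cert`, `Key` and `CA` mandatory, but the doc comment above the method still only says it returns a tls.Config. The error also gives no hint about which field is missing. Extend the comment, e.g. `// TLSConfig returns a tls.Config built from c. Cert, Key and CA must all be set; a CA is required so the server is verified against it.` The message could name the fields, e.g. `errors.New("incomplete client tls specification: cert, key and ca are all required")`. Since `BackendConfig.TLSConfig` is a pointer, a nil `c` would panic on `c.Cert`; whether callers check for nil first is not visible here. The method body continues outside this hunk.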
@@ -24,13 +29,11 @@ func (c *TLSClientConfig) TLSConfig() (*tls.Config, error) {
 		Certificates: []tls.Certificate{cert},
 	}
 
-	if c.CA != "" {
-		cas, err := common.LoadCA(c.CA)
-		if err != nil {
-			return nil, err
-		}
-		tlsConf.RootCAs = cas
+	cas, err := common.LoadCA(c.CA)
+	if err != nil {
+		return nil, err
 	}
+	tlsConf.RootCAs = cas
 	tlsConf.BuildNameToCertificate()
 
 	return tlsConf, nil
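Review bot: The `tlsConf.BuildNameToCertificate()` call kept after the now-unconditional CA load does nothing useful for a client configuration holding a single certificate, and the method is deprecated in later Go releases (1.14 onwards); the line can be dropped. The `tls.Config` literal opens above this hunk, so it is not visible whether `MinVersion` is set. If it is not, consider pinning it explicitly (for example `MinVersion: tls.VersionTLS12`) so the floor does not depend on the toolchain default.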
diff --git a/misc.go b/misc.go
index 582af3f..cd7f15e 100644
--- a/misc.go
+++ b/misc.go
@@ -2,6 +2,7 @@ package common
 
 import (
 	"crypto/x509"
+	"fmt"
 	"io/ioutil"
 )
 
@@ -12,6 +13,8 @@ func LoadCA(path string) (*x509.CertPool, error) {
 		return nil, err
 	}
 	cas := x509.NewCertPool()
-	cas.AppendCertsFromPEM(data)
+	if !cas.AppendCertsFromPEM(data) {
+		return nil, fmt.Errorf("no certificates could be parsed in %s", path)
+	}
 	return cas, nil
 }
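Review bot: The new check in `LoadCA` only rejects a file from which nothing parses, because `AppendCertsFromPEM` returns true as soon as one certificate is added. A bundle with a truncated or corrupted entry is therefore still accepted, with the bad certificate silently missing from the pool. If strictness is the goal, parse the file block by block and fail on the first certificate that does not parse, as sketched below. This needs `encoding/pem` in the import block, and `%q` for the path keeps odd file names readable in the error. The start of `LoadCA` is outside this hunk.

```go
// … unchanged: read the file at path into data …
cas := x509.NewCertPool()
// Parse block by block so a malformed certificate fails the load
// instead of being skipped silently.
found := 0
rest := data
for {
	var block *pem.Block
	block, rest = pem.Decode(rest)
	if block == nil {
		break
	}
	if block.Type != "CERTIFICATE" {
		continue
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing certificate in %q: %v", path, err)
	}
	cas.AddCert(cert)
	found++
}
if found == 0 {
	return nil, fmt.Errorf("no certificates found in %q", path)
}
return cas, nil
```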
-- 
GitLab