Skip to content

Reject --mutual-tls and --client-ca when TLS is not enabled#330

Merged
folbricht merged 1 commit intomasterfrom
fix-mtls-without-tls
Apr 18, 2026
Merged

Reject --mutual-tls and --client-ca when TLS is not enabled#330
folbricht merged 1 commit intomasterfrom
fix-mtls-without-tls

Conversation

@folbricht
Copy link
Copy Markdown
Owner

@folbricht folbricht commented Apr 18, 2026

Summary

--mutual-tls and --client-ca were silently ignored by chunk-server and index-server when --cert/--key were not provided, because the TLS config is only consulted on ListenAndServeTLS. An operator could believe client-certificate authentication was gating access while the server was actually listening on plain HTTP.

Both flags now fail validation at startup in cmdServerOptions.validate() unless TLS is enabled.

@folbricht
Reject --mutual-tls and --client-ca when TLS is not enabled
2ac04ba 
Previously --mutual-tls and --client-ca were silently ignored when
--cert/--key were not provided, which could lead an operator to
believe client certificate authentication was enforcing access
while the server was actually listening on plain HTTP. Both
chunk-server and index-server now refuse to start in that state.
@folbricht folbricht marked this pull request as ready for review April 18, 2026 15:49
@folbricht folbricht merged commit 1577f3b into master Apr 18, 2026
6 checks passed
@folbricht folbricht deleted the fix-mtls-without-tls branch April 18, 2026 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@folbricht