Merge "[FAB-3759] Fix the msg shown when TLS certs are missing"

hyperledger · May 27, 2017 · a406a66 · a406a66
2 parents efd537e + 791f2ae
commit a406a66
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 19 deletions.
diff --git a/lib/server_test.go b/lib/server_test.go
@@ -253,17 +253,16 @@ func TestIntermediateServer(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Root server start failed: %s", err)
 	}
-	defer rootServer.Stop()
+	defer func() {
+		err = rootServer.Stop()
+		if err != nil {
+			t.Errorf("Root server stop failed: %s", err)
+		}
+	}()
 
 	for idx := 0; idx < 3; idx++ {
 		testIntermediateServer(idx, t)
 	}
-
-	// Stop both servers
-	err = rootServer.Stop()
-	if err != nil {
-		t.Errorf("Root server stop failed: %s", err)
-	}
 }
 
 func TestIntermediateServerWithTLS(t *testing.T) {
@@ -282,17 +281,23 @@ func TestIntermediateServerWithTLS(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Root server start failed: %s", err)
 	}
+	defer func() {
+		err = rootServer.Stop()
+		if err != nil {
+			t.Errorf("Root server stop failed: %s", err)
+		}
+	}()
 
 	parentURL := fmt.Sprintf("https://admin:adminpw@localhost:%d", rootPort)
 	intermediateServer := getServer(intermediatePort, intermediateDir, parentURL, 0, t)
 	if intermediateServer == nil {
 		return
 	}
-	intermediateServer.CA.Config.Intermediate.TLS.CertFiles = []string{"../../testdata/root.pem"}
 	intermediateServer.CA.Config.Intermediate.TLS.Client.CertFile = "../../testdata/tls_client-cert.pem"
 	intermediateServer.CA.Config.Intermediate.TLS.Client.KeyFile = "../../testdata/tls_client-key.pem"
 	intermediateServer.CA.Config.CSR.CN = "intermediateServer"
 
+	// Error case 1: CN specified for intermediate server
 	err = intermediateServer.Start()
 	if err == nil {
 		t.Errorf("CN specified for intermediate server, the server should have failed to start")
@@ -301,23 +306,25 @@ func TestIntermediateServerWithTLS(t *testing.T) {
 	intermediateServer.CA.Config.CSR.CN = ""
 	intermediateServer.CA.Config.CSR.Hosts = []string{"testhost"}
 
+	// Error case 2: tls.certfiles not specified for intermediate server while connecting to parent CA server over TLS
+	err = intermediateServer.Start()
+	if err == nil {
+		t.Errorf("Certfiles not specified for the Intermediate server, the server should have failed to start")
+	}
+
+	// Success case
+	intermediateServer.CA.Config.Intermediate.TLS.CertFiles = []string{"../../testdata/root.pem"}
 	err = intermediateServer.Start()
 	if err != nil {
 		t.Errorf("Intermediate server start failed: %s", err)
 	}
-
 	time.Sleep(time.Second)
 
 	err = intermediateServer.Stop()
 	if err != nil {
 		t.Errorf("Intermediate server stop failed: %s", err)
 	}
 
-	err = rootServer.Stop()
-	if err != nil {
-		t.Errorf("Root server stop failed: %s", err)
-	}
-
 	// Make sure that the hostname was not inserted into the CA certificate
 	err = util.CheckHostsInCert(filepath.Join(intermediateDir, "ca-cert.pem"), "testhost")
 	if err == nil {

diff --git a/lib/tls/tls.go b/lib/tls/tls.go
@@ -78,11 +78,9 @@ func GetClientTLSConfig(cfg *ClientTLSConfig) (*tls.Config, error) {
 	} else {
 		log.Debug("Client TLS certificate and/or key file not provided")
 	}
-
 	rootCAPool := x509.NewCertPool()
-
 	if len(cfg.CertFiles) == 0 {
-		return nil, errors.New("No root CA TLS certificate files provided")
+		return nil, errors.New("No TLS certificate files were provided")
 	}
 
 	for _, cacert := range cfg.CertFiles {

diff --git a/lib/tls/tls_test.go b/lib/tls/tls_test.go
@@ -89,7 +89,7 @@ func TestGetClientTLSConfigInvalidArgs(t *testing.T) {
 	AbsTLSClient(cfg, configDir)
 	_, err = GetClientTLSConfig(cfg)
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "No root CA TLS certificate files provided")
+	assert.Contains(t, err.Error(), "No TLS certificate files were provided")
 
 	// 3.
 	cfg = &ClientTLSConfig{
@@ -114,7 +114,7 @@ func TestGetClientTLSConfigInvalidArgs(t *testing.T) {
 	}
 	_, err = GetClientTLSConfig(cfg)
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "No root CA TLS certificate files provided")
+	assert.Contains(t, err.Error(), "No TLS certificate files were provided")
 
 	// 5.
 	cfg = &ClientTLSConfig{