Added check to make sure either cert or key is configured when verifi…

…cation is not skipped
traefik · Aug 25, 2017 · 9182956 · 9182956
1 parent 17d9161
commit 9182956
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/provider/provider.go b/provider/provider.go
@@ -157,6 +157,10 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
 	cert := tls.Certificate{}
 	_, errKeyIsFile := os.Stat(clientTLS.Key)
 
+	if !clientTLS.InsecureSkipVerify && (len(clientTLS.Cert) == 0 || len(clientTLS.Key) == 0) {
+		return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
+	}
+
 	if len(clientTLS.Cert) > 0 && len(clientTLS.Key) > 0 {
 		if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil {
 			if errKeyIsFile == nil {

diff --git a/provider/provider_test.go b/provider/provider_test.go
@@ -215,6 +215,22 @@ func TestInsecureSkipVerifyClientTLS(t *testing.T) {
 	}
 }
 
+func TestInsecureSkipVerifyFalseClientTLS(t *testing.T) {
+	provider := &myProvider{
+		BaseProvider{
+			Filename: "",
+		},
+		&ClientTLS{
+			InsecureSkipVerify: false,
+		},
+	}
+	_, err := provider.TLS.CreateTLSConfig()
+	if err == nil {
+		t.Fatal("CreateTLSConfig should error if consumer does not set a TLS cert or key configuration and not chooses InsecureSkipVerify to be true")
+	}
+	t.Log(err)
+}
+
 func TestMatchingConstraints(t *testing.T) {
 	cases := []struct {
 		constraints types.Constraints