habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: redis, make sure tlscacert isn't an empty string (#12407)

Browse Source 
* root: redis, make sure tlscacert isn't an empty string

* make TLSCaCert a string instead of pointer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Andrea Scarpino
2025-01-13 19:14:26 +00:00
committed by GitHub
parent 0befc26507
commit 94eff50306
2 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/config/struct.go
View File

@ -26,14 +26,14 @@ type Config struct {
} }
type RedisConfig struct { type RedisConfig struct {
Host string `yaml:"host" env:"HOST, overwrite"` Host string `yaml:"host" env:"HOST, overwrite"`
Port int `yaml:"port" env:"PORT, overwrite"` Port int `yaml:"port" env:"PORT, overwrite"`
DB int `yaml:"db" env:"DB, overwrite"` DB int `yaml:"db" env:"DB, overwrite"`
Username string `yaml:"username" env:"USERNAME, overwrite"` Username string `yaml:"username" env:"USERNAME, overwrite"`
Password string `yaml:"password" env:"PASSWORD, overwrite"` Password string `yaml:"password" env:"PASSWORD, overwrite"`
TLS bool `yaml:"tls" env:"TLS, overwrite"` TLS bool `yaml:"tls" env:"TLS, overwrite"`
TLSReqs string `yaml:"tls_reqs" env:"TLS_REQS, overwrite"` TLSReqs string `yaml:"tls_reqs" env:"TLS_REQS, overwrite"`
TLSCaCert *string `yaml:"tls_ca_certs" env:"TLS_CA_CERT, overwrite"` TLSCaCert string `yaml:"tls_ca_certs" env:"TLS_CA_CERT, overwrite"`
} }
type ListenConfig struct { type ListenConfig struct {

6
internal/outpost/proxyv2/application/session.go
View File

@ -45,15 +45,15 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
break break
} }
ca := config.Get().Redis.TLSCaCert ca := config.Get().Redis.TLSCaCert
if ca != nil { if ca != "" {
// Get the SystemCertPool, continue with an empty pool on error // Get the SystemCertPool, continue with an empty pool on error
rootCAs, _ := x509.SystemCertPool() rootCAs, _ := x509.SystemCertPool()
if rootCAs == nil { if rootCAs == nil {
rootCAs = x509.NewCertPool() rootCAs = x509.NewCertPool()
} }
certs, err := os.ReadFile(*ca) certs, err := os.ReadFile(ca)
if err != nil { if err != nil {
a.log.WithError(err).Fatalf("Failed to append %s to RootCAs", *ca) a.log.WithError(err).Fatalf("Failed to append %s to RootCAs", ca)
} }
// Append our cert to the system pool // Append our cert to the system pool
if ok := rootCAs.AppendCertsFromPEM(certs); !ok { if ok := rootCAs.AppendCertsFromPEM(certs); !ok {