root: redis, make sure tlscacert isn't an empty string (#12407)

* root: redis, make sure tlscacert isn't an empty string * make TLSCaCert a string instead of pointer Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-01-13 19:14:26 +00:00
parent 0befc26507
commit 94eff50306
2 changed files with 11 additions and 11 deletions
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@ -33,7 +33,7 @@ type RedisConfig struct {
 	Password  string `yaml:"password" env:"PASSWORD, overwrite"`
 	TLS       bool   `yaml:"tls" env:"TLS, overwrite"`
 	TLSReqs   string `yaml:"tls_reqs" env:"TLS_REQS, overwrite"`
-	TLSCaCert *string `yaml:"tls_ca_certs" env:"TLS_CA_CERT, overwrite"`
+	TLSCaCert string `yaml:"tls_ca_certs" env:"TLS_CA_CERT, overwrite"`
 }

 type ListenConfig struct {
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@ -45,15 +45,15 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 				break
 			}
 			ca := config.Get().Redis.TLSCaCert
-			if ca != nil {
+			if ca != "" {
 				// Get the SystemCertPool, continue with an empty pool on error
 				rootCAs, _ := x509.SystemCertPool()
 				if rootCAs == nil {
 					rootCAs = x509.NewCertPool()
 				}
-				certs, err := os.ReadFile(*ca)
+				certs, err := os.ReadFile(ca)
 				if err != nil {
-					a.log.WithError(err).Fatalf("Failed to append %s to RootCAs", *ca)
+					a.log.WithError(err).Fatalf("Failed to append %s to RootCAs", ca)
 				}
 				// Append our cert to the system pool
 				if ok := rootCAs.AppendCertsFromPEM(certs); !ok {