habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outposts/ldap: use configured certificate for LDAPS when all providers' certificates are identical

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2022-12-28 19:15:29 +01:00
parent f0e121c064
commit ff13b4bb46
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/outpost/ldap/ldap_tls.go
View File

@ -15,6 +15,7 @@ func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certifica
return ls.providers[0].cert, nil
}
}
allIdenticalCerts := true
for _, provider := range ls.providers {
if provider.tlsServerName == &info.ServerName {
if provider.cert == nil {
@ -23,6 +24,13 @@ func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certifica
}
return provider.cert, nil
}
if provider.certUUID != ls.providers[0].certUUID {
allIdenticalCerts = false
}
}
if allIdenticalCerts {
ls.log.WithField("server-name", info.ServerName).Debug("all providers have the same keypair, using keypair")
return ls.providers[0].cert, nil
}
ls.log.WithField("server-name", info.ServerName).Debug("Fallback to default cert")
return ls.defaultCert, nil