Skip to content

Commit

Permalink
Fix review issues.
Browse files Browse the repository at this point in the history
Fix review issues related to fixing MEN-1660 and MEN-1661.

Changelog: None

Signed-off-by: Marcin Pasinski <marcin.pasinski@northern.tech>
(cherry picked from commit 08ca63c)
  • Loading branch information
pasinskim committed Jan 2, 2018
1 parent 624ee4e commit 2d2623e
Showing 1 changed file with 5 additions and 7 deletions.
12 changes: 5 additions & 7 deletions client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -146,10 +146,6 @@ func newHttpsClient(conf Config) (*http.Client, error) {

trustedcerts, err := loadServerTrust(conf)
if err != nil {
log.Error("Can not open certificate file.")
log.Error("Your /etc/mender/server.crt can not be opened, if you are using " +
"self-signed certificates make sure to include the API Gateway and " +
"Storage Proxy certificates here.")
return nil, errors.Wrapf(err, "cannot initialize server trust")
}

Expand Down Expand Up @@ -178,6 +174,8 @@ type Config struct {

func loadServerTrust(conf Config) (*x509.CertPool, error) {
if conf.ServerCert == "" {
// TODO: this is for pre-production version only to simplify tests.
// Make sure to remove in production version.
log.Warn("Server certificate not provided. Trusting all servers.")
return nil, nil
}
Expand All @@ -190,20 +188,20 @@ func loadServerTrust(conf Config) (*x509.CertPool, error) {
// Read certificate file.
servcert, err := ioutil.ReadFile(conf.ServerCert)
if err != nil {
log.Error("/etc/mender/server.crt is inaccessible.")
log.Errorf("%s is inaccessible: %s", conf.ServerCert, err.Error())
return nil, err
}

if len(servcert) == 0 {
log.Error("/etc/mender/server.crt is empty.")
log.Errorf("Both %s and the system certificate pool are empty.",
conf.ServerCert)
return nil, errors.New("server certificate is empty")
}

block, _ := pem.Decode([]byte(servcert))
if block != nil {
cert, err := x509.ParseCertificate(block.Bytes)
if err == nil {
log.Info("Have correct server certificate.")
log.Infof("API Gateway certificate (in PEM format): \n%s", string(servcert))
log.Infof("Issuer: %s, Valid from: %s, Valid to: %s",
cert.Issuer.Organization, cert.NotBefore, cert.NotAfter)
Expand Down

0 comments on commit 2d2623e

Please sign in to comment.