aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2017-01-06 21:00:21 +0000
committerNiall Sheridan <nsheridan@gmail.com>2017-01-06 21:00:21 +0000
commit9aeb1445549ec9a5b890f6df9bcf2952ef94ee03 (patch)
tree8459fc8e286428bbae1b622fbfe7532e944883c4
parent9e9a7d50970f1424245d88169de82988fd57e112 (diff)
Check that tls cert/key are set if use_tls is true
-rw-r--r--README.md4
-rw-r--r--cmd/cashierd/main.go3
2 files changed, 5 insertions, 2 deletions
diff --git a/README.md b/README.md
index a9d68a6..db846d8 100644
--- a/README.md
+++ b/README.md
@@ -100,11 +100,11 @@ For any option that takes a file path as a parameter (e.g. SSH signing key, TLS
- A [Vault](https://www.vaultproject.io) path + key starting with `/vault/` e.g. `/vault/secret/cashier/ssh_signing_key`. You should add a [vault](#vault) config as needed.
## server
-- `use_tls` : boolean. If this is set then `tls_key` and `tls_cert` are required.
+- `use_tls` : boolean. If this is set then either `tls_key` and `tls_cert` are required, or `letsencrypt_servername` is required.
- `tls_key` : string. Path to the TLS key. See the [note](#a-note-on-files) on files above.
- `tls_cert` : string. Path to the TLS cert. See the [note](#a-note-on-files) on files above.
- `letsencrypt_servername`: string. If set will request a certificate from LetsEncrypt. This should match the expected FQDN of the server.
-- `letsencrypt_cachedir: string. Directory to cache the LetsEncrypt certificate.
+- `letsencrypt_cachedir`: string. Directory to cache the LetsEncrypt certificate.
- `address` : string. IP address to listen on. If unset the server listens on all addresses.
- `port` : int. Port to listen on.
- `user` : string. User to which the server drops privileges to.
diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index 52b6a8b..fb67a36 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -357,6 +357,9 @@ func main() {
}
tlsConfig.GetCertificate = m.GetCertificate
} else {
+ if conf.Server.TLSCert == "" || conf.Server.TLSKey == "" {
+ log.Fatal("TLS cert or key not specified in config")
+ }
tlsConfig.Certificates = make([]tls.Certificate, 1)
tlsConfig.Certificates[0], err = loadCerts(conf.Server.TLSCert, conf.Server.TLSKey)
if err != nil {