Commit cc9c90f5 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Defend better against malformed ssl_proxy_ca_crt

ssl_proxy_ca_crt can be just empty value, and that's not acceptable.
parent 7b6a1d7d
......@@ -26,7 +26,7 @@ md5sum = 0851faa528eb4f21330a6f23f77dea7f
[template-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = a544bf7586f5945bbf108abe9818c7dd
md5sum = 6d7113ebf0c46b0e4c72c128ebb647db
[template-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
......
......@@ -141,8 +141,8 @@ context =
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% endif %}
{% endif %}
{% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt') %}
{% if ssl_proxy_ca_crt %}
{% if 'ssl_proxy_ca_crt' in slave %}
{% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %}
{% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(ssl_proxy_ca_crt) %}
{% if check_popen.returncode != 0 %}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment