author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-08 10:47:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-08 10:47:50 +0200 |
commit | a173ee16ceba9c9192b2405887905d7beed3e388 (patch) | |
tree | 3f366655eef7c0e5c9e44551f5f8fc05ef7a5d68 | |
parent | 5cc3d139e621ddf947ecb5bb54fb99a95634c932 (diff) | |
parent | 30fe727e8fdb2e0f1f74bd05a01c6f0cd75aafc0 (diff) |
Merge pull request #9983 from vespa-engine/bjorncs/tls
Bjorncs/tls
-rw-r--r-- | security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java | 14 | ||||
-rwxr-xr-x | security-tools/src/main/sh/vespa-curl-wrapper | 15 |
2 files changed, 12 insertions, 17 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
index ae18700246c..367d7b9dd83 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
@@ -51,17 +51,15 @@ public class Main {
 Map<OutputVariable, String> outputVariables = new TreeMap<>();
 Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
- if (options.isPresent()) {
+ MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
+ if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
 outputVariables.put(OutputVariable.TLS_ENABLED, "1");
 options.get().getCaCertificatesFile()
 .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
- MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
- if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
- options.get().getCertificatesFile()
- .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
- options.get().getPrivateKeyFile()
- .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
- }
+ options.get().getCertificatesFile()
+ .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
+ options.get().getPrivateKeyFile()
+ .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
 }
 shell.writeOutputVariables(stdOut, outputVariables);
 EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty()
diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper
index 7c2f31d7719..da857984c01 100755 
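Review bot: The merged condition `options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER` means that in plaintext-client mode neither `TLS_ENABLED` nor `CA_CERTIFICATE` is emitted any more, and nothing at the `if` says that this downgrade is deliberate. Every consumer of the output then stays on plaintext with no server verification, so the branch deserves a comment such as `// Plaintext-client mixed mode: emit no TLS variables so callers keep using http; traffic is neither encrypted nor authenticated in this mode`. Note also that `getInsecureMixedMode(envVars)` now runs before the presence check; if that helper rejects an unrecognised mode value (not visible in this hunk), the tool would fail on hosts that have no TLS configuration at all, which the old ordering avoided. The enclosing method starts and ends outside the hunk.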
--- a/security-tools/src/main/sh/vespa-curl-wrapper
+++ b/security-tools/src/main/sh/vespa-curl-wrapper
@@ -6,26 +6,23 @@
 set -e
-. $(vespa-security-env)
+eval $(vespa-security-env)
-CURL_PARAMETERS=$1
-CONFIGSERVER_URI_WITHOUT_SCHEME=$2
+CURL_PARAMETERS=("$@")
 if [ -n "${VESPA_TLS_ENABLED}" ]
 then
- CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
-else
- CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
+ CURL_PARAMETERS=("${CURL_PARAMETERS[@]/http:/https:}")
 fi
 if [ -n "${VESPA_TLS_CA_CERT}" ]
 then
- CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}"
+ CURL_PARAMETERS=("--cacert" "${VESPA_TLS_CA_CERT}" "${CURL_PARAMETERS[@]}")
 fi
 if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]]
 then
- CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}"
+ CURL_PARAMETERS=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}" "${CURL_PARAMETERS[@]}")
 fi
-curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
+curl "${CURL_PARAMETERS[@]}" |
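Review bot: The added `eval $(vespa-security-env)` line fails open: if `vespa-security-env` exits non-zero the substitution expands to nothing, `eval` with no arguments returns 0, `set -e` does not stop the script, and curl then runs with whatever `VESPA_TLS_*` values are already in the environment, normally none, so over plain http without `--cacert`. Capturing the output first makes that failure fatal and keeps the output from being word-split before it is evaluated: `security_env="$(vespa-security-env)"` followed by `eval "${security_env}"`. Separately, `${CURL_PARAMETERS[@]/http:/https:}` rewrites the first `http:` inside every argument, including header or request-body values that merely contain a URL; anchoring it as `${CURL_PARAMETERS[@]/#http:/https:}` limits the rewrite to arguments that start with the scheme.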