diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-06-04 16:53:23 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-05 13:14:22 +0200 |
commit | c5ad4c3f3ec9728b945813c1842d1c978d6e3f4e (patch) | |
tree | 83a5a5aa5c68c63999e5c0c326fc4c552feaf721 /security-tools | |
parent | 71e1b5d5029de631f8d27b79952a19125bb81d30 (diff) |
Only generate Vespa TLS variables if client should use TLS
Diffstat (limited to 'security-tools')
-rw-r--r-- | security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java index ae18700246c..367d7b9dd83 100644 --- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java +++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java @@ -51,17 +51,15 @@ public class Main { Map<OutputVariable, String> outputVariables = new TreeMap<>(); Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars); - if (options.isPresent()) { + MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); + if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { outputVariables.put(OutputVariable.TLS_ENABLED, "1"); options.get().getCaCertificatesFile() .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString())); - MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); - if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { - options.get().getCertificatesFile() - .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); - options.get().getPrivateKeyFile() - .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); - } + options.get().getCertificatesFile() + .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); + options.get().getPrivateKeyFile() + .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); } shell.writeOutputVariables(stdOut, outputVariables); EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty() |