authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-06-04 16:53:23 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-07-05 13:14:22 +0200
commitc5ad4c3f3ec9728b945813c1842d1c978d6e3f4e (patch)
tree83a5a5aa5c68c63999e5c0c326fc4c552feaf721 /security-tools
parent71e1b5d5029de631f8d27b79952a19125bb81d30 (diff)
Only generate Vespa TLS variables if client should use TLS
Diffstat (limited to 'security-tools')
-rw-r--r--security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java14
1 files changed, 6 insertions, 8 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
index ae18700246c..367d7b9dd83 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
@@ -51,17 +51,15 @@ public class Main {
Map<OutputVariable, String> outputVariables = new TreeMap<>();
Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
- if (options.isPresent()) {
+ MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
+ if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
outputVariables.put(OutputVariable.TLS_ENABLED, "1");
options.get().getCaCertificatesFile()
.ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
- MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
- if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
- options.get().getCertificatesFile()
- .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
- options.get().getPrivateKeyFile()
- .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
- }
+ options.get().getCertificatesFile()
+ .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
+ options.get().getPrivateKeyFile()
+ .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
}
shell.writeOutputVariables(stdOut, outputVariables);
EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty()
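Review bot: `TransportSecurityUtils.getInsecureMixedMode(envVars)` is now evaluated before the `options.isPresent()` check, so it runs even when no TLS configuration is found; if that helper throws on an unrecognised mixed-mode value (its body is not visible here), the tool would now fail in an environment where it previously just emitted nothing. Keeping the call inside the condition preserves the old short-circuit: `if (options.isPresent() && TransportSecurityUtils.getInsecureMixedMode(envVars) != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {`. Since this condition now also suppresses `TLS_ENABLED` and `CA_CERTIFICATE`, not just the certificate and private-key paths, it deserves a comment such as `// Plaintext client in mixed mode: emit no TLS variables at all (not even TLS_ENABLED or the CA file)`. The diffstat lists only Main.java under security-tools, so a test asserting an empty variable set for `PLAINTEXT_CLIENT_MIXED_SERVER` would pin the new behaviour. The enclosing method starts and ends outside the hunk.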