RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(configuration): max tls ver not correctly derived (#4428) 

This fixes an issue where the maximum version if unset is derived from the minimum version erroneously.

Fixes #4425
pull/4431/head
James Elliott 2022-11-24 20:32:57 +11:00 committed by GitHub
parent 8a0bd6fedf
commit e1f9718e17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/utils/crypto.go
View File

@ -235,10 +235,10 @@ func IsX509PrivateKey(i any) bool {
}
// NewTLSConfig generates a tls.Config from a schema.TLSConfig and a x509.CertPool.
func NewTLSConfig(config *schema.TLSConfig, caCertPool *x509.CertPool) (tlsConfig *tls.Config) {
func NewTLSConfig(config *schema.TLSConfig, rootCAs *x509.CertPool) (tlsConfig *tls.Config) {
var certificates []tls.Certificate
if config.CertificateChain.HasCertificates() && config.PrivateKey != nil {
if config.PrivateKey != nil && config.CertificateChain.HasCertificates() {
certificates = []tls.Certificate{
{
Certificate: config.CertificateChain.CertificatesRaw(),
@ -252,8 +252,8 @@ func NewTLSConfig(config *schema.TLSConfig, caCertPool *x509.CertPool) (tlsConfi
ServerName: config.ServerName,
InsecureSkipVerify: config.SkipVerify, //nolint:gosec // Informed choice by user. Off by default.
MinVersion: config.MinimumVersion.MinVersion(),
MaxVersion: config.MinimumVersion.MaxVersion(),
RootCAs: caCertPool,
MaxVersion: config.MaximumVersion.MaxVersion(),
RootCAs: rootCAs,
Certificates: certificates,
}
}