fix(configuration): max tls ver not correctly derived (#4428)

This fixes an issue where the maximum version if unset is derived from the minimum version erroneously. Fixes #4425
2022-11-24 20:32:57 +11:00 · 2022-11-24 20:32:57 +11:00 · e1f9718e17
parent 8a0bd6fedf
commit e1f9718e17
1 changed files with 4 additions and 4 deletions
--- a/internal/utils/crypto.go
+++ b/internal/utils/crypto.go
@ -235,10 +235,10 @@ func IsX509PrivateKey(i any) bool {
 }
 // NewTLSConfig generates a tls.Config from a schema.TLSConfig and a x509.CertPool.
-func NewTLSConfig(config *schema.TLSConfig, caCertPool *x509.CertPool) (tlsConfig *tls.Config) {
+func NewTLSConfig(config *schema.TLSConfig, rootCAs *x509.CertPool) (tlsConfig *tls.Config) {
 	var certificates []tls.Certificate
-	if config.CertificateChain.HasCertificates() && config.PrivateKey != nil {
+	if config.PrivateKey != nil && config.CertificateChain.HasCertificates() {
 		certificates = []tls.Certificate{
 			{
 				Certificate: config.CertificateChain.CertificatesRaw(),
@ -252,8 +252,8 @@ func NewTLSConfig(config *schema.TLSConfig, caCertPool *x509.CertPool) (tlsConfi
 		ServerName:         config.ServerName,
 		InsecureSkipVerify: config.SkipVerify, //nolint:gosec // Informed choice by user. Off by default.
 		MinVersion:         config.MinimumVersion.MinVersion(),
-		MaxVersion:         config.MinimumVersion.MaxVersion(),
+		MaxVersion:         config.MaximumVersion.MaxVersion(),
-		RootCAs:            caCertPool,
+		RootCAs:            rootCAs,
 		Certificates:       certificates,
 	}
 }