summaryrefslogtreecommitdiff
path: root/service/http/service.go
diff options
context:
space:
mode:
authorValery Piashchynski <[email protected]>2020-05-18 11:30:47 +0300
committerValery Piashchynski <[email protected]>2020-05-18 11:30:47 +0300
commit22ac24f47ce95a6f8d5319a2ee52be63adcbeb13 (patch)
treee0f0cb02f3c43b052e9b9eac802fd1433d95387f /service/http/service.go
parentb68da150bed6933ceabd73cf3cbc135187f4a2c0 (diff)
fix NPE
Diffstat (limited to 'service/http/service.go')
-rw-r--r--service/http/service.go75
1 files changed, 44 insertions, 31 deletions
diff --git a/service/http/service.go b/service/http/service.go
index d5f51cc9..b260008c 100644
--- a/service/http/service.go
+++ b/service/http/service.go
@@ -4,6 +4,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
+ "errors"
"fmt"
"github.com/sirupsen/logrus"
"github.com/spiral/roadrunner"
@@ -29,6 +30,8 @@ const (
EventInitSSL = 750
)
+var couldNotAppendPemError = errors.New("could not append Certs from PEM")
+
// http middleware type.
type middleware func(f http.HandlerFunc) http.HandlerFunc
@@ -126,6 +129,12 @@ func (s *Service) Serve() error {
if s.cfg.EnableTLS() {
s.https = s.initSSL()
+ if s.cfg.SSL.RootCA != "" {
+ err := s.appendRootCa()
+ if err != nil {
+ return err
+ }
+ }
if s.cfg.EnableHTTP2() {
if err := s.initHTTP2(); err != nil {
@@ -268,45 +277,49 @@ func (s *Service) ServeHTTP(w http.ResponseWriter, r *http.Request) {
f(w, r)
}
-// Init https server.
-func (s *Service) initSSL() *http.Server {
- // it already checked on Valid step, that file exist
- var server http.Server
- server.TLSConfig.MinVersion = tls.VersionTLS12
-
- if s.cfg.SSL.RootCA != "" {
- rootCAs, err := x509.SystemCertPool()
- if err != nil {
- s.throw(EventInitSSL, nil)
- return nil
- }
- if rootCAs == nil {
- rootCAs = x509.NewCertPool()
- }
+// append RootCA to the https server TLS config
+func (s *Service) appendRootCa() error {
+ rootCAs, err := x509.SystemCertPool()
+ if err != nil {
+ s.throw(EventInitSSL, nil)
+ return nil
+ }
+ if rootCAs == nil {
+ rootCAs = x509.NewCertPool()
+ }
- CA, err := ioutil.ReadFile(s.cfg.SSL.RootCA)
- if err != nil {
- s.throw(EventInitSSL, nil)
- return nil
- }
+ CA, err := ioutil.ReadFile(s.cfg.SSL.RootCA)
+ if err != nil {
+ s.throw(EventInitSSL, nil)
+ return err
+ }
- // should append our CA cert
- rootCAs.AppendCertsFromPEM(CA)
- config := &tls.Config{
- InsecureSkipVerify: false,
- RootCAs: rootCAs,
- }
- server.TLSConfig = config
+ // should append our CA cert
+ ok := rootCAs.AppendCertsFromPEM(CA)
+ if !ok {
+ return couldNotAppendPemError
+ }
+ config := &tls.Config{
+ InsecureSkipVerify: false,
+ RootCAs: rootCAs,
}
+ s.http.TLSConfig = config
- server = http.Server{
+ return nil
+}
+
+// Init https server
+func (s *Service) initSSL() *http.Server {
+ server := &http.Server{
Addr: s.tlsAddr(s.cfg.Address, true),
Handler: s,
+ TLSConfig: &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ },
}
+ s.throw(EventInitSSL, server)
- s.throw(EventInitSSL, &server)
-
- return &server
+ return server
}
// init http/2 server