author | zeripath <art27@cantab.net> | 2020-01-19 19:07:44 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-19 19:07:44 +0000 |
commit | 1d7b7504d07e6d58dd7c4a37055a2d754374dee2 (patch) | |
tree | 8776a6daeb0c6eb5baf78258258ee26d6176a3e8 /modules | |
parent | 1803b38efcb919e43ab519e0f0e132d461149c39 (diff) | |
Make CertFile and KeyFile relative to CustomPath (#9868)
* Make CertFile and KeyFile relative to CustomPath
The current code resolves relative CertFile and KeyFile paths against the current working directory, which is quite unexpected for users. This change resolves relative paths against CustomPath instead.
Fix #4196
* Improve error reporting when reading certificates
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/graceful/server.go | 18 | ||||
-rw-r--r-- | modules/setting/setting.go | 6 |
2 files changed, 22 insertions, 2 deletions
diff --git a/modules/graceful/server.go b/modules/graceful/server.go index 30fb8cdffa..19ce8a866f 100644 --- a/modules/graceful/server.go +++ b/modules/graceful/server.go @@ -7,6 +7,7 @@ package graceful import ( "crypto/tls" + "io/ioutil" "net" "os" "strings" @@ -99,12 +100,25 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFuncti } config.Certificates = make([]tls.Certificate, 1) - var err error - config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile) + + certPEMBlock, err := ioutil.ReadFile(certFile) if err != nil { log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err) return err } + + keyPEMBlock, err := ioutil.ReadFile(keyFile) + if err != nil { + log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err) + return err + } + + config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock) + if err != nil { + log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err) + return err + } + return srv.ListenAndServeTLSConfig(config, serve) } diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 17c84d3d31..4183c203ed 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -554,6 +554,12 @@ func NewContext() { Protocol = HTTPS CertFile = sec.Key("CERT_FILE").String() KeyFile = sec.Key("KEY_FILE").String() + if !filepath.IsAbs(CertFile) && len(CertFile) > 0 { + CertFile = filepath.Join(CustomPath, CertFile) + } + if !filepath.IsAbs(KeyFile) && len(KeyFile) > 0 { + KeyFile = filepath.Join(CustomPath, KeyFile) + } case "fcgi": Protocol = FCGI case "fcgi+unix": |
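Review bot: The private key is read in `ListenAndServeTLS` without any check of its file permissions, so a key that is readable by group or other is loaded silently. Since the function now opens the file itself, a warning just before the `ioutil.ReadFile(keyFile)` call would surface that misconfiguration, for example `if fi, statErr := os.Stat(keyFile); statErr == nil && fi.Mode().Perm()&0077 != 0 { log.Warn("https key file %s is accessible by group or other", keyFile) }`. Mode bits are not meaningful on Windows, so this should stay a warning rather than a hard failure. The opening lines of the function are outside the hunk, so an earlier check may already exist there.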
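Review bot: The new lines in the HTTPS case of `NewContext` carry no comment saying that relative `CERT_FILE` and `KEY_FILE` values are now resolved against `CustomPath` instead of the working directory, which is a behaviour change for existing installs that relied on the old resolution. I would add `// Relative CERT_FILE and KEY_FILE values are resolved against CustomPath, not the process working directory.` above the first `if`, and state the same rule in the configuration documentation. Whether `CustomPath` is always absolute at this point is not visible here; if it can be relative, the joined path still depends on the working directory and the result should be made absolute. `NewContext` starts and ends outside the hunk.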