remote: avoid tls error if both key and cert are not set

Previously, we would explicitly error if all TLS parameters were not available. However, it is a perfectly valid use case to connect to a buildkit server that only provides TLS in one direction to verify the server (which is possible today with buildctl). To support this use case, we only need to error if only one of key or cert is set, and the other is not - if both are unspecified, the client will not present a certificate to the server. Signed-off-by: Justin Chadwell <me@jedevc.com>
2 years ago · 56876ab825
parent 624bc064d8
commit 56876ab825
1 changed files with 4 additions and 4 deletions
--- a/driver/remote/factory.go
+++ b/driver/remote/factory.go
@ -98,12 +98,12 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		if tls.caCert == "" {
 			missing = append(missing, "cacert")
 		}
-		if tls.cert == "" {
-			missing = append(missing, "cert")
-		}
-		if tls.key == "" {
+		if tls.cert != "" && tls.key == "" {
 			missing = append(missing, "key")
 		}
+		if tls.key != "" && tls.cert == "" {
+			missing = append(missing, "cert")
+		}
 		if len(missing) > 0 {
 			return nil, errors.Errorf("tls enabled, but missing keys %s", strings.Join(missing, ", "))
 		}