remote: avoid tls error if both key and cert are not set

Previously, we would explicitly error if all TLS parameters were not
available. However, it is a perfectly valid use case to connect to a
buildkit server that only provides TLS in one direction to verify the
server (which is possible today with buildctl).

To support this use case, we only need to error if only one of key or
cert is set, and the other is not - if both are unspecified, the client
will not present a certificate to the server.

Signed-off-by: Justin Chadwell <me@jedevc.com>
pull/1693/head
Justin Chadwell 2 years ago
parent 624bc064d8
commit 56876ab825

@ -98,12 +98,12 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
if tls.caCert == "" { if tls.caCert == "" {
missing = append(missing, "cacert") missing = append(missing, "cacert")
} }
if tls.cert == "" { if tls.cert != "" && tls.key == "" {
missing = append(missing, "cert")
}
if tls.key == "" {
missing = append(missing, "key") missing = append(missing, "key")
} }
if tls.key != "" && tls.cert == "" {
missing = append(missing, "cert")
}
if len(missing) > 0 { if len(missing) > 0 {
return nil, errors.Errorf("tls enabled, but missing keys %s", strings.Join(missing, ", ")) return nil, errors.Errorf("tls enabled, but missing keys %s", strings.Join(missing, ", "))
} }

Loading…
Cancel
Save