Fail the connection if only one of cert.pem and key.pem exists.

2024-11-22 08:35:57 +01:00 · 2021-02-24 22:23:38 +01:00 · 2021-02-24 22:23:38 +01:00 · c19b356e54
commit c19b356e54
parent b1babf5b77
1 changed files with 6 additions and 1 deletions
--- a/webserver/certificate.go
+++ b/webserver/certificate.go
@ -5,6 +5,7 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"log"
 	"math/big"
 	"os"
@ -73,7 +74,11 @@ func getCertificate(dataDir string) (*tls.Certificate, error) {

 	if !ok || !info.certTime.Equal(certTime) || !info.keyTime.Equal(keyTime) {
 		var cert tls.Certificate
-		if certTime.Equal(time.Time{}) || keyTime.Equal(time.Time{}) {
+		nocert := certTime.Equal(time.Time{})
+		nokey := keyTime.Equal(time.Time{})
+		if nocert != nokey {
+			return nil, errors.New("only one of cert.pem and key.pem exists")
+		} else if nokey {
 			log.Printf("Generating self-signed certificate")
 			var err error
 			cert, err = generateCertificate(dataDir)