mdeuser commented on a change in pull request #2864: Add the support of
certificate checking for secure mode
URL:
https://github.com/apache/incubator-openwhisk/pull/2864#discussion_r147732560
##########
File path: tools/cli/go-whisk/whisk/client.go
##########
@@ -162,11 +140,62 @@ func NewClient(httpClient *http.Client, config *Config)
(*Client, error) {
return c, nil
}
+func (c *Client) LoadX509KeyPair() error {
+ tlsConfig := &tls.Config {
+ InsecureSkipVerify: c.Config.Insecure,
+ }
+
+ if c.Config.Cert != "" && c.Config.Key != "" {
+ if cert, err := ReadX509KeyPair(c.Config.Cert, c.Config.Key); err ==
nil {
+ tlsConfig.Certificates = []tls.Certificate{cert}
+ } else {
+ errStr := wski18n.T("Unable to load the X509 key pair due to the
following reason: {{.err}}",
+ map[string]interface{}{"err": err})
+ werr := MakeWskError(errors.New(errStr), EXIT_CODE_ERR_GENERAL,
DISPLAY_MSG, NO_DISPLAY_USAGE)
+ return werr
+ }
+ } else if !c.Config.Insecure {
+ if c.Config.Cert == "" {
+ warningStr := wski18n.T("Please configure the missing Cert file, if
there is a security issue accessing the service.\n")
Review comment:
- Debug/tracing strings do not need to be enable for translation
- Can the same message be used for both debug/trace as well as the CLI
response message?
- Nit. Maybe consolidate conditional checking:
```
if !Cert && Key {
...The Cert file is not configured...
} else if Cert && !Key {
...The Key file is not configured...
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
