Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

ftpd: advertise TLS support only if really enabled

Browse Source 
if we don't have a global TLS configuration, advertise TLS only on the
bindings where it is configured instead of failing at runtime

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2023-08-21 15:48:29 +02:00
parent 5d4145900f
commit a592e388cd
6 changed files with 56 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/common/tlsutils.go
View File

@@ -108,6 +108,15 @@ func (m *CertManager) loadCertificates() error {
return nil
}
// HasCertificate returns true if there is a certificate for the specified certID
func (m *CertManager) HasCertificate(certID string) bool {
m.RLock()
defer m.RUnlock()
_, ok := m.certs[certID]
return ok
}
// GetCertificateFunc returns the loaded certificate
func (m *CertManager) GetCertificateFunc(certID string) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
return func(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
@@ -136,7 +145,7 @@ func (m *CertManager) IsRevoked(crt *x509.Certificate, caCrt *x509.Certificate)
for _, crl := range m.crls {
if crl.CheckSignatureFrom(caCrt) == nil {
for _, rc := range crl.RevokedCertificates {
for _, rc := range crl.RevokedCertificateEntries {
if rc.SerialNumber.Cmp(crt.SerialNumber) == 0 {
return true
}