ftpd: advertise TLS support only if really enabled

if we don't have a global TLS configuration, advertise TLS only on the bindings where it is configured instead of failing at runtime Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-08 07:10:56 +03:00 · 2023-08-21 15:48:29 +02:00
parent 5d4145900f
commit a592e388cd
6 changed files with 56 additions and 15 deletions
--- a/internal/ftpd/server.go
+++ b/internal/ftpd/server.go
@@ -280,6 +280,9 @@ func (s *Server) buildTLSConfig() {
 		if getConfigPath(s.binding.CertificateFile, "") != "" && getConfigPath(s.binding.CertificateKeyFile, "") != "" {
 			certID = s.binding.GetAddress()
 		}
+		if !certMgr.HasCertificate(certID) {
+			return
+		}
 		s.tlsConfig = &tls.Config{
 			GetCertificate: certMgr.GetCertificateFunc(certID),
 			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),