Merge pull request cesanta#25 from lindenlab/allow-non-tls-server

Allow non tls server
lpmoon · Aug 29, 2015 · bdd0d52 · bdd0d52
2 parents 6ec6437 + e946750
commit bdd0d52
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 19 deletions.
diff --git a/auth_server/main.go b/auth_server/main.go
@@ -46,20 +46,29 @@ func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServ
 		glog.Exitf("Failed to create auth server: %s", err)
 	}
 
-	hs := &http.Server{
-		Addr:    c.Server.ListenAddress,
-		Handler: as,
-		TLSConfig: &tls.Config{
+	var tlsConfig *tls.Config
+	if c.Server.CertFile != "" || c.Server.KeyFile != "" {
+		// Check for partial configuration.
+		if c.Server.CertFile == "" || c.Server.KeyFile == "" {
+			glog.Exitf("Failed to load certificate and key: both were not provided")
+		}
+		tlsConfig = &tls.Config{
 			NextProtos:   []string{"http/1.1"},
 			Certificates: make([]tls.Certificate, 1),
-		},
+		}
+		glog.Infof("Cert file: %s", c.Server.CertFile)
+		glog.Infof("Key file : %s", c.Server.KeyFile)
+		tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(c.Server.CertFile, c.Server.KeyFile)
+		if err != nil {
+			glog.Exitf("Failed to load certificate and key: %s", err)
+		}
+	} else {
+		glog.Warning("Running without TLS")
 	}
-
-	glog.Infof("Cert file: %s", c.Server.CertFile)
-	glog.Infof("Key file : %s", c.Server.KeyFile)
-	hs.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(c.Server.CertFile, c.Server.KeyFile)
-	if err != nil {
-		glog.Exitf("Failed to load certificate and key: %s", err)
+	hs := &http.Server{
+		Addr:      c.Server.ListenAddress,
+		Handler:   as,
+		TLSConfig: tlsConfig,
 	}
 
 	s, err := hd.ListenAndServe(hs)

diff --git a/auth_server/server/config.go b/auth_server/server/config.go
@@ -61,9 +61,6 @@ func validate(c *Config) error {
 	if c.Server.ListenAddress == "" {
 		return errors.New("server.addr is required")
 	}
-	if c.Server.CertFile == "" || c.Server.KeyFile == "" {
-		return errors.New("server certificate and key are required")
-	}
 
 	if c.Token.Issuer == "" {
 		return errors.New("token.issuer is required")
@@ -125,17 +122,38 @@ func LoadConfig(fileName string) (*Config, error) {
 	if err = validate(c); err != nil {
 		return nil, fmt.Errorf("invalid config: %s", err)
 	}
-	c.Server.publicKey, c.Server.privateKey, err = loadCertAndKey(c.Server.CertFile, c.Server.KeyFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load server cert and key: %s", err)
+	serverConfigured := false
+	if c.Server.CertFile != "" || c.Server.KeyFile != "" {
+		// Check for partial configuration.
+		if c.Server.CertFile == "" || c.Server.KeyFile == "" {
+			return nil, fmt.Errorf("failed to load server cert and key: both were not provided")
+		}
+		c.Server.publicKey, c.Server.privateKey, err = loadCertAndKey(c.Server.CertFile, c.Server.KeyFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to load server cert and key: %s", err)
+		}
+		serverConfigured = true
 	}
-	if c.Token.CertFile != "" && c.Token.KeyFile != "" {
+	tokenConfigured := false
+	if c.Token.CertFile != "" || c.Token.KeyFile != "" {
+		// Check for partial configuration.
+		if c.Token.CertFile == "" || c.Token.KeyFile == "" {
+			return nil, fmt.Errorf("failed to load token cert and key: both were not provided")
+		}
 		c.Token.publicKey, c.Token.privateKey, err = loadCertAndKey(c.Token.CertFile, c.Token.KeyFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to load token cert and key: %s", err)
 		}
-	} else {
+		tokenConfigured = true
+	}
+
+	if serverConfigured && !tokenConfigured {
 		c.Token.publicKey, c.Token.privateKey = c.Server.publicKey, c.Server.privateKey
+		tokenConfigured = true
+	}
+
+	if !tokenConfigured {
+		return nil, fmt.Errorf("failed to load token cert and key: none provided")
 	}
 	return c, nil
 }