Posted to commits@servicecomb.apache.org by li...@apache.org on 2019/01/17 08:27:12 UTC
[servicecomb-service-center] branch master updated: SCB-1059 Use
the raw password if decrypt failed (#526)
This is an automated email from the ASF dual-hosted git repository.
littlecui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new dca3854 SCB-1059 Use the raw password if decrypt failed (#526)
dca3854 is described below
commit dca3854f47c24b982a90cb8c2c76bcfa809dc3a4
Author: little-cui <su...@qq.com>
AuthorDate: Thu Jan 17 16:27:08 2019 +0800
SCB-1059 Use the raw password if decrypt failed (#526)
---
server/plugin/pkg/tls/buildin/tls.go | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/server/plugin/pkg/tls/buildin/tls.go b/server/plugin/pkg/tls/buildin/tls.go
index 42b5ddb..cc45b5d 100644
--- a/server/plugin/pkg/tls/buildin/tls.go
+++ b/server/plugin/pkg/tls/buildin/tls.go
@@ -45,21 +45,22 @@ func GetSSLPath(path string) string {
return os.ExpandEnv(filepath.Join("$SSL_ROOT", path))
}
-func GetPassphase() (pass string, decrypt string) {
+func GetPassphase() (decrypt string) {
passphase, err := ioutil.ReadFile(GetSSLPath("cert_pwd"))
if err != nil {
log.Errorf(err, "read file cert_pwd failed.")
}
- pass = util.BytesToStringWithNoCopy(passphase)
- if len(pass) > 0 {
- decrypt, err = plugin.Plugins().Cipher().Decrypt(pass)
+ decrypt = util.BytesToStringWithNoCopy(passphase)
+ if len(decrypt) > 0 {
+ tmp, err := plugin.Plugins().Cipher().Decrypt(decrypt)
if err != nil {
- log.Errorf(err, "decrypt ssl passphase(%d) failed.", len(pass))
- decrypt = ""
+ log.Errorf(err, "decrypt ssl passphase(%d) failed.", len(decrypt))
+ } else {
+ decrypt = tmp
}
}
- return pass, decrypt
+ return decrypt
}
func GetClientTLSConfig() (_ *tls.Config, err error) {
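Review bot: The fallback added to GetPassphase is fail-open: when `Decrypt` returns an error the function now returns the raw bytes of cert_pwd, so a plaintext password left on disk and a broken or mismatched cipher plugin look identical to GetClientTLSConfig and GetServerTLSConfig, which pass the value straight to `tlsutil.WithKeyPass`. The error log still reads only "decrypt ssl passphase(%d) failed." and does not tell an operator that the raw content is then used; keeping the length rather than the value in the log is right, but the message could say so, e.g. `log.Errorf(err, "decrypt ssl passphase(%d) failed, using the raw content of cert_pwd.", len(decrypt))`. The exported function also has no doc comment for its changed contract; I would add `// GetPassphase returns the decrypted content of cert_pwd, or its raw content when decryption fails.` Because the file content is used as is, a trailing newline in a hand-edited cert_pwd would become part of the passphrase, so trimming may be worth considering if the cipher plugin's input format allows it.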
@@ -69,7 +70,7 @@ func GetClientTLSConfig() (_ *tls.Config, err error) {
return clientTLSConfig, nil
}
- passphase, decrypt := GetPassphase()
+ passphase := GetPassphase()
opts := append(tlsutil.DefaultClientTLSOptions(),
tlsutil.WithVerifyPeer(core.ServerInfo.Config.SslVerifyPeer),
@@ -79,7 +80,7 @@ func GetClientTLSConfig() (_ *tls.Config, err error) {
beego.AppConfig.DefaultString("ssl_client_min_version", core.ServerInfo.Config.SslMinVersion)),
tls.VersionTLS12),
tlsutil.WithCipherSuits(tlsutil.ParseDefaultSSLCipherSuites(beego.AppConfig.String("ssl_client_ciphers"))),
- tlsutil.WithKeyPass(decrypt),
+ tlsutil.WithKeyPass(passphase),
tlsutil.WithCA(GetSSLPath("trust.cer")),
tlsutil.WithCert(GetSSLPath("server.cer")),
tlsutil.WithKey(GetSSLPath("server_key.pem")),
@@ -103,13 +104,13 @@ func GetServerTLSConfig() (_ *tls.Config, err error) {
return serverTLSConfig, nil
}
- passphase, decrypt := GetPassphase()
+ passphase := GetPassphase()
opts := append(tlsutil.DefaultServerTLSOptions(),
tlsutil.WithVerifyPeer(core.ServerInfo.Config.SslVerifyPeer),
tlsutil.WithVersion(tlsutil.ParseSSLProtocol(core.ServerInfo.Config.SslMinVersion), tls.VersionTLS12),
tlsutil.WithCipherSuits(tlsutil.ParseDefaultSSLCipherSuites(core.ServerInfo.Config.SslCiphers)),
- tlsutil.WithKeyPass(decrypt),
+ tlsutil.WithKeyPass(passphase),
tlsutil.WithCA(GetSSLPath("trust.cer")),
tlsutil.WithCert(GetSSLPath("server.cer")),
tlsutil.WithKey(GetSSLPath("server_key.pem")),