upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-09 00:33:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Better error messages.

Browse source
This commit is contained in:
Karl Gutwin 2015-06-30 08:59:38 -04:00
parent c26fca9180
commit 67993efeb0
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
builtin/credential/cert/path_login.go
View file

@ -46,7 +46,7 @@ func (b *backend) pathLogin(
// If no trusted chain was found, client is not authenticated
if len(trustedChains) == 0 {
return logical.ErrorResponse("invalid certificate"), nil
return logical.ErrorResponse("invalid certificate or no client certificate supplied"), nil
}
// Match the trusted chain with the policy

4
command/meta.go
View file

@ -113,12 +113,14 @@ func (m *Meta) Client() (*api.Client, error) {
RootCAs: certPool,
}
if m.flagClientCert != "" {
if m.flagClientCert != "" && m.flagClientKey != "" {
tlsCert, err := tls.LoadX509KeyPair(m.flagClientCert, m.flagClientKey)
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{tlsCert}
} else if m.flagClientCert != "" || m.flagClientKey != "" {
return nil, fmt.Errorf("Both client cert and client key must be provided")
}
client := *http.DefaultClient