Revert cluster.go change

Jeff Mitchell 2018-02-04 20:42:45 -05:00
parent 63efb0e111
commit b8a4dc1e09


@ -343,26 +343,28 @@ func (c *Core) ClusterTLSConfig(ctx context.Context) (*tls.Config, error) {
// of clustering as connections come and go
serverLookup := func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
var localCert bytes.Buffer
switch {
default:
var localCert bytes.Buffer
c.clusterParamsLock.RLock()
localCert.Write(c.localClusterCert)
localSigner := c.localClusterPrivateKey
parsedCert := c.localClusterParsedCert
c.clusterParamsLock.RUnlock()
c.clusterParamsLock.RLock()
localCert.Write(c.localClusterCert)
localSigner := c.localClusterPrivateKey
parsedCert := c.localClusterParsedCert
c.clusterParamsLock.RUnlock()
if localCert.Len() == 0 {
return nil, fmt.Errorf("got forwarding connection but no local cert")
if localCert.Len() == 0 {
return nil, fmt.Errorf("got forwarding connection but no local cert")
}
//c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
return &tls.Certificate{
Certificate: [][]byte{localCert.Bytes()},
PrivateKey: localSigner,
Leaf: parsedCert,
}, nil
}
//c.logger.Trace("core: performing cert name lookup", "hello_server_name", clientHello.ServerName, "local_cluster_cert_name", parsedCert.Subject.CommonName)
return &tls.Certificate{
Certificate: [][]byte{localCert.Bytes()},
PrivateKey: localSigner,
Leaf: parsedCert,
}, nil
}
clientLookup := func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
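Review bot: The guard in `serverLookup` tests only `localCert.Len() == 0`, while `localSigner` is copied under the same read lock and placed into the returned `tls.Certificate` as `PrivateKey` without any check. If the certificate bytes can ever be populated while the private key is still nil (the code that writes these fields is not visible in this hunk), the failure would surface later inside the TLS handshake instead of as this explicit error; widening the condition to `if localCert.Len() == 0 || localSigner == nil {` keeps it at the lookup. The rendered page has lost its `+`/`-` markers, but the guard reads the same in both printed copies of the body, so the point holds for whichever copy is the new side. `ClusterTLSConfig` begins and ends outside the hunk.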