Skip to content

Expand tilde in SSL certificate paths #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
digiserg merged 3 commits into from
Feb 9, 2026
Merged

Expand tilde in SSL certificate paths #73

digiserg merged 3 commits into from
Feb 9, 2026

Conversation

@digiserg
Copy link
Contributor

@digiserg digiserg commented Feb 6, 2026

Summary

  • Add expandPath helper function that expands ~ to the user's home directory
  • Apply path expansion to CertPath, KeyPath, and CAPath before loading SSL certificates
  • Use $HOME environment variable with fallback to os.UserHomeDir() for robustness

Test plan

  • Verify SSL connection works with paths using ~ (e.g., ~/.cassandra/cqlsh.crt)
  • Verify SSL connection still works with absolute paths
  • Verify behavior when $HOME is not set (uses os.UserHomeDir() fallback)

Fixes #72

@digiserg
Expand tilde in SSL certificate paths
e87f6a5 
Add expandPath helper function to expand ~ to the user's home directory
when loading SSL certificates. This fixes the issue where relative paths
like ~/.cassandra/cqlsh.crt were not being found because the tilde was
not expanded to the actual home directory path.

Fixes #72
@digiserg digiserg linked an issue Feb 6, 2026 that may be closed by this pull request
Cannot use relative paths for SSL certs #72
Closed
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2026
View reviewed changes
@digiserg digiserg requested a review from hshimizu February 6, 2026 15:34
@digiserg
Add nosec annotation for trusted config path
9ae5622 
The G304 warning is suppressed because the CA certificate path comes
from trusted user configuration, not untrusted input.
@digiserg digiserg requested review from millerjp and rgooding February 9, 2026 09:57
rgooding
rgooding reviewed Feb 9, 2026
View reviewed changes
internal/db/db.go Outdated

// expandPath expands ~ to the user's home directory
func expandPath(path string) string {
if strings.HasPrefix(path, "~") {
Copy link

@rgooding rgooding Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For safety is it maybe worth checking that the path starts with ~/ rather than just ~?

@digiserg digiserg merged commit 6421cfb into main Feb 9, 2026
15 checks passed
@digiserg digiserg deleted the 72-cannot-use-relative-paths-for-ssl-certs branch February 9, 2026 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgooding rgooding rgooding approved these changes

@hshimizu hshimizu Awaiting requested review from hshimizu

@millerjp millerjp Awaiting requested review from millerjp

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot use relative paths for SSL certs

2 participants

@digiserg @rgooding