Skip to content
This repository has been archived by the owner on Apr 29, 2024. It is now read-only.

Commit

Permalink
connect/ca: return a better error message if the CA isn't fully initi…
Browse files Browse the repository at this point in the history 
…alized when signing
  • Loading branch information
@kyhavlov
kyhavlov committed Jan 22, 2019
1 parent ddc4a8d commit a28ba46
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions agent/connect/ca/provider_consul.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,9 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
if err != nil {
return "", err
}
if providerState.PrivateKey == "" {
return "", ErrNotInitialized
}

// Create the keyId for the cert from the signing private key.
signer, err := connect.ParseSigner(providerState.PrivateKey)
Expand Down Expand Up @@ -623,9 +626,9 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
serialNum := &big.Int{}
serialNum.SetUint64(sn)
template := x509.Certificate{
SerialNumber: serialNum,
Subject: pkix.Name{CommonName: name},
URIs: []*url.URL{id.URI()},
SerialNumber: serialNum,
Subject: pkix.Name{CommonName: name},
URIs: []*url.URL{id.URI()},
BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageCertSign |
x509.KeyUsageCRLSign |
Expand Down

0 comments on commit a28ba46

Please sign in to comment.