[panic: runtime error: invalid memory address or nil pointer dereference] Throw errors gracefully when the certificate can't be found based on the name of key
#500 · Open · CLIN42 opened this issue on Jun 28, 2022 · 0 comments
issue statement
When supplying a key and crt pair at \etc\mqm\pki\keys, if the names of the crt and key don't match, the errors below will be thrown while the container is being started.
steps to produce
Create a certificate and key pair, mq1.key and mq1-cer.crt.
Mount them to \etc\mqm\pki\keys as either a ConfigMap or a secret in the pod spec.
Start the pod.
Analysis
The method vendor/software.sslmate.com/src/go-pkcs12.Encode takes in the public certificate as a parameter.
The public certificate is generated by the method at internal\tls\tls.go:365. The method takes in keyPrefix as a parameter and uses it to find the corresponding certificate at internal\tls\tls.go:372.
keyPrefix is returned by the method processPrivateKey at internal\tls\tls.go:330. Its value is the name of the key without its extension, at internal\tls\tls.go:357.
E.g. if the key name is mq.key, it will look for the certificate mq.crt.
Before creating a new PKCS#12 Keystore, there is no check whether the public certificate is null or not.
```go
// Process certificates (*.crt) - public certificate & optional CA certificate
publicCertificate, caCertificate, err := processCertificates(keyDir, keySet.Name(), keyPrefix, keys, &tlsStore.Keystore, &tlsStore.Truststore)
if err != nil {
	return "", err
}

// Create a new PKCS#12 Keystore - containing private key, public certificate & optional CA certificate
file, err := pkcs.Encode(rand.Reader, privateKey, publicCertificate, caCertificate, tlsStore.Keystore.Password)
if err != nil {
	return "", fmt.Errorf("Failed to encode PKCS#12 Keystore %s: %v", keySet.Name()+".p12", err)
}
```
Proposal
Check whether the public and CA certificates are null before creating the keystore.
Throw gracefully when it is null.
CLIN42 changed the title from "Throw errors gracefully when the certificate can't be found based on the name of key" to "[panic: runtime error: invalid memory address or nil pointer dereference] Throw errors gracefully when the certificate can't be found based on the name of key" on Jun 28, 2022
environment
version: 9.2.4
platform: Azure Kubernetes service
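An added example, not code from the project or from the issue author: a standard-library Go program showing the two checks the proposal points at, a pre-flight scan for key files with no certificate under the expected name and a nil guard to run before the keystore is encoded. The helper names `unpairedKeys` and `requireCertificate`, the key set name `default`, and the flat directory layout are assumptions; the PKCS#12 encoding call itself is left out.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// unpairedKeys lists the *.key files in keyDir with no certificate under the
// name the lookup expects (mq.key pairs with mq.crt). Hypothetical helper.
func unpairedKeys(keyDir string) ([]string, error) {
	entries, err := os.ReadDir(keyDir) // sorted by file name
	if err != nil {
		return nil, fmt.Errorf("cannot read key directory %s: %v", keyDir, err)
	}
	present := map[string]bool{}
	for _, e := range entries {
		present[e.Name()] = true
	}
	var missing []string
	for _, e := range entries {
		prefix := strings.TrimSuffix(e.Name(), ".key")
		if prefix != e.Name() && !e.IsDir() && !present[prefix+".crt"] {
			missing = append(missing, e.Name())
		}
	}
	return missing, nil
}

// requireCertificate rejects a nil certificate before any keystore is encoded.
func requireCertificate(keySet, keyPrefix string, cert *x509.Certificate) error {
	if cert == nil {
		return fmt.Errorf("key set %s: no certificate %s.crt for key %s.key", keySet, keyPrefix, keyPrefix)
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "keys") // constructed sample: mismatched names
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "mq1.key"), nil, 0o600)
	os.WriteFile(filepath.Join(dir, "mq1-cer.crt"), nil, 0o644)
	fmt.Println(unpairedKeys(dir))
	fmt.Println(requireCertificate("default", "mq1", nil))
}
```

With the constructed mq1.key and mq1-cer.crt pair from the steps above, the scan reports mq1.key and the guard returns an error naming mq1.crt instead of handing a nil certificate to the encoder.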