Do not show passphrase even if it is invalid

... even when validation fails. Showing the invalid passphrase might
allow people to guess the correct one.

Change-Id: Ida326ccb72759d843cff95ffc72f7ffb9c4cf71a
(cherry picked from commit 314bfff89c)
(cherry picked from commit c24f796402)
(cherry picked from commit 0a7317adce)
(cherry picked from commit 86f040735a)
(cherry picked from commit 0a29502274)
(cherry picked from commit 52771825e2)
Takashi Kajinami 2022-04-27 15:01:59 +09:00
parent db40598a78
commit a56b33a9d2
1 changed files with 4 additions and 2 deletions


@ -109,13 +109,15 @@ class octavia::certificates (
'haproxy_amphora/client_cert' : value => $client_cert;
'haproxy_amphora/server_ca' : value => $ca_certificate;
}
if !$server_certs_key_passphrase {
fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
}
if length($server_certs_key_passphrase)!=32 {
fail("The passphrase '${server_certs_key_passphrase}' is invalid for server_certs_key_passphrase. Please provide a 32 characters
passphrase.")
fail('server_certs_key_passphrase must be 32 characters long.')
}
# The file creation will create the parent directory for each file if necessary, but
# only to one level.
if $ca_certificate_data {
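Review bot: The new `fail('server_certs_key_passphrase must be 32 characters long.')` carries no comment saying why the value is deliberately left out of the message, so a later edit made for "better diagnostics" could reintroduce the interpolation. I would add a line above it such as `# Do not interpolate the passphrase here: fail() text is shown in catalog compilation errors and logs.` The check also validates only the length, so a short note in the parameter documentation on what a valid passphrase looks like would replace the hint that the old message gave. The resource that writes the passphrase into the Octavia configuration lies outside this hunk; it is worth confirming that it marks the value as secret so it does not appear in change reports. The class body starts and ends outside the hunk.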