Do not show passphrase even if it is invalid
... even when validation fails. Showing the invalid passphrase might allow people to guess the correct one. Change-Id: Ida326ccb72759d843cff95ffc72f7ffb9c4cf71a (cherry picked from commit314bfff89c
) (cherry picked from commitc24f796402
) (cherry picked from commit0a7317adce
) (cherry picked from commit86f040735a
) (cherry picked from commit0a29502274
) (cherry picked from commit52771825e2
)
This commit is contained in:
parent
db40598a78
commit
a56b33a9d2
|
@ -109,13 +109,15 @@ class octavia::certificates (
|
||||||
'haproxy_amphora/client_cert' : value => $client_cert;
|
'haproxy_amphora/client_cert' : value => $client_cert;
|
||||||
'haproxy_amphora/server_ca' : value => $ca_certificate;
|
'haproxy_amphora/server_ca' : value => $ca_certificate;
|
||||||
}
|
}
|
||||||
|
|
||||||
if !$server_certs_key_passphrase {
|
if !$server_certs_key_passphrase {
|
||||||
fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
|
fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
|
||||||
}
|
}
|
||||||
|
|
||||||
if length($server_certs_key_passphrase)!=32 {
|
if length($server_certs_key_passphrase)!=32 {
|
||||||
fail("The passphrase '${server_certs_key_passphrase}' is invalid for server_certs_key_passphrase. Please provide a 32 characters
|
fail('server_certs_key_passphrase must be 32 characters long.')
|
||||||
passphrase.")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# The file creation will create the parent directory for each file if necessary, but
|
# The file creation will create the parent directory for each file if necessary, but
|
||||||
# only to one level.
|
# only to one level.
|
||||||
if $ca_certificate_data {
|
if $ca_certificate_data {
|
||||||
|
|
Loading…
Reference in New Issue