
Commit b48e665

committed
[fix] Only create CA file if CA is present for verify-ca
1 parent 281570b commit b48e665


1 file changed

+21
-18
lines changed


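--- a/src/jetstream/datastore/database_cf_config.go
+++ b/src/jetstream/datastore/database_cf_config.go
@@ -93,25 +93,28 @@ func findDatabaseConfig(vcapServices map[string][]VCAPService, db *DatabaseConfi
 }
 if db.SSLMode == string(SSLVerifyCA) {
 log.Infof("Attempting to use SSL for database connection")
-tempFile, err := os.CreateTemp("", "postgres-ssl-*.crt")
-if err != nil {
-log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not create temp file: %s", err.Error())
-return false
+if (dbCredentials["cacrt"] != nil) && (dbCredentials["cacrt"] != "") { // Check if CA certificate is present
+log.Infof("Found service CA in VCAP_SERICES, will use it to verify the database connection")
+tempFile, err := os.CreateTemp("", "postgres-ssl-*.crt")
+if err != nil {
+log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not create temp file: %s", err.Error())
+return false
+} _, err = tempFile.WriteString(getDBCredentialsValue(dbCredentials["cacrt"]))
+if err != nil {
+log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not write to temp file: %s", err.Error())
+return false
+}
+
+err = tempFile.Close()
+if err != nil {
+log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not save temp file after writing: %s", err.Error())
+return false
+}
+
+db.SSLRootCertificate = tempFile.Name()
+} else {
+log.Infof("No CA certificate found in VCAP_SERVICES, using system CA certificates")
 }
-
-_, err = tempFile.WriteString(getDBCredentialsValue(dbCredentials["cacrt"]))
-if err != nil {
-log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not write to temp file: %s", err.Error())
-return false
-}
-
-err = tempFile.Close()
-if err != nil {
-log.Warnf("Failed store Cloud Foundry service certificate in temp file; could not save temp file after writing: %s", err.Error())
-return false
-}
-
-db.SSLRootCertificate = tempFile.Name()
 }
 } else if isMySQLService(service) {
 db.DatabaseProvider = "mysql"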
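Review bot: The new `else` branch (new line 116) lets a `verify-ca` connection proceed against the system CA store when the binding carries no `cacrt`, and it records that only at Info level. With a broad public trust store, verify-ca in the common PostgreSQL drivers validates the chain but not the server host name, so this is a weaker guarantee than pinning the service CA, and an operator who expected pinning gets no warning; I would log it as `log.Warnf("No CA certificate found in VCAP_SERVICES; verify-ca will fall back to system CA certificates and does not check the server host name")` and document the fallback next to the SSL mode setting. Separately, new line 102 as rendered puts the closing `}` of the CreateTemp error check and `_, err = tempFile.WriteString(...)` on one line, which should be split because Go inserts no semicolon after a mid-line `}`; the write-failure path also returns without closing or removing the temp file, and the message on new line 97 spells `VCAP_SERICES`. findDatabaseConfig starts and ends outside this hunk.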
