fix(proxy): don't check TLS file permission (#1880)

2026-02-03 11:00:32 +00:00 · 2023-09-01 15:44:47 +01:00
parent cac9c754cb
commit e248d22892
2 changed files with 1 additions and 30 deletions
@@ -40,11 +40,6 @@ func main() {
 		log.Fatal(err)
 	}

-	cert, key, err := conf.TLSCertFiles()
-	if err != nil {
-		log.Fatal(err)
-	}
-
 	srv := &http.Server{
 		Handler:           handler,
 		ReadHeaderTimeout: 2 * time.Second,
@@ -94,7 +89,7 @@ func main() {
 		}
 	}

-	if cert != "" && key != "" {
+	if conf.TLSCertFile != "" && conf.TLSKeyFile != "" {
 		err = srv.ServeTLS(ln, conf.TLSCertFile, conf.TLSKeyFile)
 	} else {
 		err = srv.Serve(ln)
@@ -215,30 +215,6 @@ func (c *Config) BasicAuth() (user, pass string, ok bool) {
 	return user, pass, ok
 }

-// TLSCertFiles returns certificate and key files and an error if
-// both files doesn't exist and have approperiate file permissions.
-func (c *Config) TLSCertFiles() (cert, key string, err error) {
-	if c.TLSCertFile == "" && c.TLSKeyFile == "" {
-		return "", "", nil
-	}
-
-	certFile, err := os.Stat(c.TLSCertFile)
-	if err != nil {
-		return "", "", fmt.Errorf("could not access TLSCertFile: %w", err)
-	}
-
-	keyFile, err := os.Stat(c.TLSKeyFile)
-	if err != nil {
-		return "", "", fmt.Errorf("could not access TLSKeyFile: %w", err)
-	}
-
-	if keyFile.Mode()&0o077 != 0 && runtime.GOOS != "windows" {
-		return "", "", fmt.Errorf("TLSKeyFile should not be accessible by others")
-	}
-
-	return certFile.Name(), keyFile.Name(), nil
-}
-
 // FilterOff returns true if the FilterFile is empty.
 func (c *Config) FilterOff() bool {
 	return c.FilterFile == ""