Return error if datasource TLS CA not parsed

f6aa0e41 · Matt Bostock · e23c678d · f6aa0e41
Commit f6aa0e41 authored Sep 28, 2017 by Matt Bostock
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

pkg/models/datasource_cache.go
+4 -3

No files found.
--- a/pkg/models/datasource_cache.go
+++ b/pkg/models/datasource_cache.go
@@ -3,6 +3,7 @@ package models
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"net"
 	"net/http"
 	"sync"
@@ -71,13 +72,13 @@ func (ds *DataSource) GetHttpTransport() (*http.Transport, error) {
 	if tlsClientAuth || tlsAuthWithCACert {
 		decrypted := ds.SecureJsonData.Decrypt()
 		if tlsAuthWithCACert && len(decrypted["tlsCACert"]) > 0 {
 			caPool := x509.NewCertPool()
 			ok := caPool.AppendCertsFromPEM([]byte(decrypted["tlsCACert"]))
-			if ok {
+			if !ok {
-				transport.TLSClientConfig.RootCAs = caPool
+				return nil, errors.New("Failed to parse TLS CA PEM certificate")
 			}
+			transport.TLSClientConfig.RootCAs = caPool
 		}
 		if tlsClientAuth {