Address @bboreham's comments

Signed-off-by: Annanay <annanayagarwal@gmail.com>
weaveworks · Apr 21, 2020 · 0bda25d · 0bda25d
1 parent b728180
commit 0bda25d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/server/server.go b/server/server.go
@@ -152,13 +152,15 @@ func New(cfg Config) (*Server, error) {
 	// Setup TLS
 	var httpTLSConfig *tls.Config
 	if len(cfg.HTTPTLSConfig.TLSCertPath) > 0 && len(cfg.HTTPTLSConfig.TLSKeyPath) > 0 {
+		// Note: ConfigToTLSConfig from prometheus/node_exporter is awaiting security review.
 		httpTLSConfig, err = node_https.ConfigToTLSConfig(&cfg.HTTPTLSConfig)
 		if err != nil {
 			return nil, fmt.Errorf("error generating http tls config: %v", err)
 		}
 	}
 	var grpcTLSConfig *tls.Config
 	if len(cfg.GRPCTLSConfig.TLSCertPath) > 0 && len(cfg.GRPCTLSConfig.TLSKeyPath) > 0 {
+		// Note: ConfigToTLSConfig from prometheus/node_exporter is awaiting security review.
 		grpcTLSConfig, err = node_https.ConfigToTLSConfig(&cfg.GRPCTLSConfig)
 		if err != nil {
 			return nil, fmt.Errorf("error generating grpc tls config: %v", err)

diff --git a/server/server_test.go b/server/server_test.go
@@ -18,7 +18,6 @@ import (
 
 	google_protobuf "github.com/golang/protobuf/ptypes/empty"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/common/log"
 	node_https "github.com/prometheus/node_exporter/https"
 	"github.com/stretchr/testify/require"
 	"github.com/weaveworks/common/httpgrpc"
@@ -336,18 +335,13 @@ func TestTLSServer(t *testing.T) {
 	defer server.Shutdown()
 
 	clientCert, err := tls.LoadX509KeyPair("certs/client.crt", "certs/client.key")
-	if err != nil {
-		log.Warnf("error loading cert %s or key %s, tls disabled", "certs/client.crt", "certs/client.key")
-	}
+	require.NoError(t, err)
 
-	var caCertPool *x509.CertPool
 	caCert, err := ioutil.ReadFile(cfg.HTTPTLSConfig.ClientCAs)
-	if err != nil {
-		log.Warnf("error loading ca cert %s, tls disabled", cfg.HTTPTLSConfig.ClientCAs)
-	} else {
-		caCertPool = x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(caCert)
-	}
+	require.NoError(t, err)
+
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
 
 	tlsConfig := &tls.Config{
 		InsecureSkipVerify: true,