httpserver: fixes #8641

Changes to the http_server class meant that the TLS settings were not getting applied anymore. This fixes so that the minimum TLS version is 1.2 again.
2025-02-25 18:55:37 -06:00 · 2017-06-17 23:10:12 +02:00
parent ad080af38f
commit 0eb297822c
1 changed files with 6 additions and 9 deletions
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@@ -61,7 +61,7 @@ func (hs *HttpServer) Start(ctx context.Context) error {
 			return nil
 		}
 	case setting.HTTPS:
-		err = hs.httpSrv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
+		err = hs.listenAndServeTLS(setting.CertFile, setting.KeyFile)
 		if err == http.ErrServerClosed {
 			hs.log.Debug("server was shutdown gracefully")
 			return nil
@@ -92,7 +92,7 @@ func (hs *HttpServer) Shutdown(ctx context.Context) error {
 	return err
 }
-func (hs *HttpServer) listenAndServeTLS(listenAddr, certfile, keyfile string) error {
+func (hs *HttpServer) listenAndServeTLS(certfile, keyfile string) error {
 	if certfile == "" {
 		return fmt.Errorf("cert_file cannot be empty when using HTTPS")
 	}
@@ -127,14 +127,11 @@ func (hs *HttpServer) listenAndServeTLS(listenAddr, certfile, keyfile string) er
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 		},
 	}
 	srv := &http.Server{
 		Addr:         listenAddr,
 		Handler:      hs.macaron,
 		TLSConfig:    tlsCfg,
 		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
 	}
-	return srv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
+	hs.httpSrv.TLSConfig = tlsCfg
 	hs.httpSrv.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0)
 	return hs.httpSrv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
 }
 func (hs *HttpServer) newMacaron() *macaron.Macaron {