Improving error handling in client certificate library (#1237)

2021-11-10 18:12:49 +01:00 · 2021-11-10 18:12:49 +01:00 · ac75d9aa9b
parent 09b5fb11e8
commit ac75d9aa9b
4 changed files with 23 additions and 11 deletions
--- a/v2/pkg/protocols/headless/engine/engine.go
+++ b/v2/pkg/protocols/headless/engine/engine.go
@ -88,7 +88,12 @@ func New(options *types.Options) (*Browser, error) {
 	if customAgent == "" {
 		customAgent = uarand.GetRandom()
 	}
-	httpclient := newhttpClient(options)
+
+	httpclient, err := newhttpClient(options)
+	if err != nil {
+		return nil, err
+	}
+
 	engine := &Browser{
 		tempDir:     dataStore,
 		customAgent: customAgent,
--- a/v2/pkg/protocols/headless/engine/http_client.go
+++ b/v2/pkg/protocols/headless/engine/http_client.go
@ -18,7 +18,7 @@ import (
 )

 // newhttpClient creates a new http client for headless communication with a timeout
-func newhttpClient(options *types.Options) *http.Client {
+func newhttpClient(options *types.Options) (*http.Client, error) {
 	dialer := protocolstate.Dialer

 	// Set the base TLS configuration definition
@ -28,7 +28,11 @@ func newhttpClient(options *types.Options) *http.Client {
 	}

 	// Add the client certificate authentication to the request if it's configured
-	tlsConfig = utils.AddConfiguredClientCertToRequest(tlsConfig, options)
+	var err error
+	tlsConfig, err = utils.AddConfiguredClientCertToRequest(tlsConfig, options)
+	if err != nil {
+		return nil, err
+	}

 	transport := &http.Transport{
 		DialContext:         dialer.Dial,
@ -70,5 +74,5 @@ func newhttpClient(options *types.Options) *http.Client {
 		},
 	}

-	return httpclient
+	return httpclient, nil
 }
--- a/v2/pkg/protocols/http/httpclientpool/clientpool.go
+++ b/v2/pkg/protocols/http/httpclientpool/clientpool.go
@ -169,7 +169,10 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl
 	}

 	// Add the client certificate authentication to the request if it's configured
-	tlsConfig = utils.AddConfiguredClientCertToRequest(tlsConfig, options)
+	tlsConfig, err = utils.AddConfiguredClientCertToRequest(tlsConfig, options)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not create client certificate")
+	}

 	transport := &http.Transport{
 		DialContext:         Dialer.Dial,
--- a/v2/pkg/protocols/utils/utils.go
+++ b/v2/pkg/protocols/utils/utils.go
@ -3,13 +3,13 @@ package utils
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"github.com/projectdiscovery/nuclei/v2/pkg/types"
 	"io/ioutil"
-	"log"
+
+	"github.com/projectdiscovery/nuclei/v2/pkg/types"
 )

 // AddConfiguredClientCertToRequest adds the client certificate authentication to the tls.Config object and returns it
-func AddConfiguredClientCertToRequest(tlsConfig *tls.Config, options *types.Options) *tls.Config {
+func AddConfiguredClientCertToRequest(tlsConfig *tls.Config, options *types.Options) (*tls.Config, error) {
 	// Build the TLS config with the client certificate if it has been configured with the appropriate options.
 	// Only one of the options needs to be checked since the validation checks in main.go ensure that all three
 	// files are set if any of the client certification configuration options are.
@ -17,18 +17,18 @@ func AddConfiguredClientCertToRequest(tlsConfig *tls.Config, options *types.Opti
 		// Load the client certificate using the PEM encoded client certificate and the private key file
 		cert, err := tls.LoadX509KeyPair(options.ClientCertFile, options.ClientKeyFile)
 		if err != nil {
-			log.Fatal(err)
+			return nil, err
 		}
 		tlsConfig.Certificates = []tls.Certificate{cert}

 		// Load the certificate authority PEM certificate into the TLS configuration
 		caCert, err := ioutil.ReadFile(options.ClientCAFile)
 		if err != nil {
-			log.Fatal(err)
+			return nil, err
 		}
 		caCertPool := x509.NewCertPool()
 		caCertPool.AppendCertsFromPEM(caCert)
 		tlsConfig.RootCAs = caCertPool
 	}
-	return tlsConfig
+	return tlsConfig, nil
 }