Load certs even if they are symlinks (#8494)

2024-07-22 02:44:15 +00:00 · 2019-11-07 22:29:20 -08:00 · 2019-11-07 22:29:20 -08:00 · 26863009c0
parent 26e760ee62
commit 26863009c0
3 changed files with 11 additions and 11 deletions
--- a/cmd/config/certs.go
+++ b/cmd/config/certs.go
@ -25,7 +25,7 @@ import (
 	"encoding/pem"
 	"io/ioutil"
 	"os"
-	"path/filepath"
+	"path"
 	"github.com/minio/minio/pkg/env"
 )
@ -82,22 +82,21 @@ func GetRootCAs(certsCAsDir string) (*x509.CertPool, error) {
 	fis, err := ioutil.ReadDir(certsCAsDir)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if os.IsNotExist(err) || os.IsPermission(err) {
-			err = nil // Return success if CA's directory is missing.
+			// Return success if CA's directory is missing or permission denied.
 			err = nil
 		}
 		return rootCAs, err
 	}
 	// Load all custom CA files.
 	for _, fi := range fis {
-		// Only load regular files as public cert.
+		caCert, err := ioutil.ReadFile(path.Join(certsCAsDir, fi.Name()))
-		if fi.Mode().IsRegular() {
+		if err != nil {
-			caCert, err := ioutil.ReadFile(filepath.Join(certsCAsDir, fi.Name()))
+			// ignore files which are not readable.
-			if err != nil {
+			continue
 				return rootCAs, err
 			}
 			rootCAs.AppendCertsFromPEM(caCert)
 		}
 		rootCAs.AppendCertsFromPEM(caCert)
 	}
 	return rootCAs, nil
 }
--- a/go.sum
+++ b/go.sum
@ -362,6 +362,7 @@ github.com/klauspost/pgzip v1.2.1 h1:oIPZROsWuPHpOdMVWLuJZXwgjhrW8r1yEX8UqMyeNHM
 github.com/klauspost/pgzip v1.2.1/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/readahead v1.3.0 h1:ur57scQa1RS6oQgdq+6mylmP2u0iR1LFw1zy3Xwqacg=
 github.com/klauspost/readahead v1.3.0/go.mod h1:AH9juHzNH7xqdqFHrMRSHeH2Ps+vFf+kblDqzPFiLJg=
 github.com/klauspost/readahead v1.3.1 h1:QqXNYvm+VvqYcbrRT4LojUciM0XrznFRIDrbHiJtu/0=
 github.com/klauspost/readahead v1.3.1/go.mod h1:AH9juHzNH7xqdqFHrMRSHeH2Ps+vFf+kblDqzPFiLJg=
 github.com/klauspost/reedsolomon v0.0.0-20190210214925-2b210cf0866d/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
 github.com/klauspost/reedsolomon v1.9.1 h1:kYrT1MlR4JH6PqOpC+okdb9CDTcwEC/BqpzK4WFyXL8=
--- a/mint/build/aws-sdk-ruby/install.sh
+++ b/mint/build/aws-sdk-ruby/install.sh
@ -15,4 +15,4 @@
 #  limitations under the License.
 #
-gem install --no-rdoc --no-ri aws-sdk multipart_body
+gem install --no-rdoc --no-ri aws-sdk-resources:3.56.0 aws-sdk multipart_body