diff --git a/config/setup/tls.go b/config/setup/tls.go
index a26e9265..74732310 100644
--- a/config/setup/tls.go
+++ b/config/setup/tls.go
@@ -64,19 +64,20 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 }
 value, ok := supportedProtocols[strings.ToLower(args[0])]
 if !ok {
- return nil, c.ArgErr()
+ return nil, c.Errf("Wrong protocol name or protocol not supported '%s'", c.Val())
+
 }
 c.TLS.ProtocolMinVersion = value
 value, ok = supportedProtocols[strings.ToLower(args[1])]
 if !ok {
- return nil, c.ArgErr()
+ return nil, c.Errf("Wrong protocol name or protocol not supported '%s'", c.Val())
 }
 c.TLS.ProtocolMaxVersion = value
 case "ciphers":
 for c.NextArg() {
 value, ok := supportedCiphers[strings.ToUpper(c.Val())]
 if !ok {
- return nil, c.ArgErr()
+ return nil, c.Errf("Wrong cipher name or cipher not supported '%s'", c.Val())
 }
 c.TLS.Ciphers = append(c.TLS.Ciphers, value)
 }
@@ -84,9 +85,13 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 if !c.NextArg() {
 return nil, c.ArgErr()
 }
- c.TLS.CacheSize, _ = strconv.Atoi(c.Val())
+ size, err := strconv.Atoi(c.Val())
+ if err != nil {
+ return nil, c.Errf("Cache parameter should be an number '%s': %v", c.Val(), err)
+ }
+ c.TLS.CacheSize = size
 default:
- return nil, c.ArgErr()
+ return nil, c.Errf("Unknown keyword '%s'")
 }
 }
 }
diff --git a/config/setup/tls_test.go b/config/setup/tls_test.go
index 8895dd11..7ba337de 100644
--- a/config/setup/tls_test.go
+++ b/config/setup/tls_test.go
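Review bot: The two `protocols` error messages format `c.Val()`, but the lookups that failed used `args[0]` and `args[1]`, so the message may name a different token than the one that was rejected. How `args` is filled is outside the hunk; if it comes from a call that consumes the remaining arguments, `c.Val()` will be the last one, and a bad minimum version would be reported with the maximum version's text. Quoting the looked-up value keeps the message accurate for an operator tightening the protocol range: `return nil, c.Errf("Wrong protocol name or protocol not supported '%s'", args[0])` and the same with `args[1]` in the second check. The `ciphers` branch is fine as written, since it looks up and reports the same `c.Val()`. The blank line added before the closing brace of the first check is stray.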
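Review bot: The new `default` branch calls `c.Errf("Unknown keyword '%s'")` with a `%s` verb and no argument, so the message will render as `Unknown keyword '%!s(MISSING)'` instead of naming the keyword; it should be `return nil, c.Errf("Unknown keyword '%s'", c.Val())`. In the `cache` branch, `strconv.Atoi` also accepts negative numbers, and nothing visible in the hunk rejects them before the value is stored in `c.TLS.CacheSize`; if a negative size has no meaning for the session cache, add `if size < 0 { return nil, c.Errf("Cache size must not be negative '%s'", c.Val()) }`. The message text "should be an number" has a typo ("a number"). The enclosing switch and loop start outside the hunk.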
@@ -76,3 +76,34 @@ func TestTLSParseWithOptionalParams(t *testing.T) {
 t.Errorf("Expected CacheSize 128, got %v", c.TLS.CacheSize)
 }
 }
+
+func TestTLSParseWithWrongOptionalParams(t *testing.T) {
+ params := `tls cert.crt cert.key {
+ cache a
+ }`
+ c := newTestController(params)
+ _, err := TLS(c)
+ if err == nil {
+ t.Errorf("Expected errors, but no error returned")
+ }
+
+ // Test protocols wrong params
+ params = `tls cert.crt cert.key {
+ protocols ssl tls
+ }`
+ c = newTestController(params)
+ _, err = TLS(c)
+ if err == nil {
+ t.Errorf("Expected errors, but no error returned")
+ }
+
+ // Test ciphers wrong params
+ params = `tls cert.crt cert.key {
+ ciphers not-valid-cipher
+ }`
+ c = newTestController(params)
+ _, err = TLS(c)
+ if err == nil {
+ t.Errorf("Expected errors, but no error returned")
+ }
+}
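Review bot: The new test never exercises the `default` (unknown keyword) branch that this commit also changes, and every case only checks `err == nil`, so a malformed message such as a missing format argument passes unnoticed. Adding a fourth case with an unrecognised keyword, and asserting that the error text contains the offending token, would cover it. The sketch below assumes `strings` is imported in tls_test.go and that an unknown keyword inside the block reaches the `default` branch; neither is visible in this hunk. The three cases are also near-identical and would read better as a table-driven loop, so one failure message can say which input was accepted.

```go
	// ... unchanged: cache, protocols and ciphers cases ...

	// Test unknown keyword
	params = `tls cert.crt cert.key {
		not-a-keyword value
	}`
	c = newTestController(params)
	_, err = TLS(c)
	if err == nil {
		t.Errorf("Expected errors, but no error returned")
	} else if !strings.Contains(err.Error(), "not-a-keyword") {
		t.Errorf("Expected error to name the unknown keyword, got: %v", err)
	}
```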