OR-306: Fix PemTrustOption setup

Consensys · Aug 6, 2019 · 83dcace · 83dcace
1 parent 1b66d4d
commit 83dcace
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/src/main/java/net/consensys/orion/cmd/Orion.java b/src/main/java/net/consensys/orion/cmd/Orion.java
@@ -77,6 +77,7 @@
 import io.vertx.core.http.HttpServer;
 import io.vertx.core.http.HttpServerOptions;
 import io.vertx.core.net.PemKeyCertOptions;
+import io.vertx.core.net.PemTrustOptions;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.handler.BodyHandler;
 import io.vertx.ext.web.handler.LoggerHandler;
@@ -415,14 +416,19 @@ public void run(PrintStream out, PrintStream err, Config config) {
       Path tlsServerKey = workDir.resolve(config.tlsServerKey());
       PemKeyCertOptions pemKeyCertOptions =
           new PemKeyCertOptions().setKeyPath(tlsServerKey.toString()).setCertPath(tlsServerCert.toString());
-      for (Path chainCert : config.tlsServerChain()) {
-        pemKeyCertOptions.addCertPath(chainCert.toAbsolutePath().toString());
-      }
 
       options.setSsl(true);
       options.setClientAuth(ClientAuth.REQUIRED);
       options.setPemKeyCertOptions(pemKeyCertOptions);
 
+      if (!config.tlsServerChain().isEmpty()) {
+        PemTrustOptions pemTrustOptions = new PemTrustOptions();
+        for (Path chainCert : config.tlsServerChain()) {
+          pemTrustOptions.addCertPath(chainCert.toAbsolutePath().toString());
+        }
+      options.setPemTrustOptions(pemTrustOptions);
+      }
+
       Path knownClientsFile = config.tlsKnownClients();
       String serverTrustMode = config.tlsServerTrust().toLowerCase();
       switch (serverTrustMode) {

diff --git a/src/main/java/net/consensys/orion/network/NodeHttpClientBuilder.java b/src/main/java/net/consensys/orion/network/NodeHttpClientBuilder.java
@@ -21,6 +21,7 @@
 import io.vertx.core.http.HttpClient;
 import io.vertx.core.http.HttpClientOptions;
 import io.vertx.core.net.PemKeyCertOptions;
+import io.vertx.core.net.PemTrustOptions;
 
 public class NodeHttpClientBuilder {
 
@@ -37,13 +38,18 @@ public static HttpClient build(Vertx vertx, Config config, int clientTimeoutMs)
 
       PemKeyCertOptions pemKeyCertOptions =
           new PemKeyCertOptions().setKeyPath(tlsClientKey.toString()).setCertPath(tlsClientCert.toString());
-      for (Path chainCert : config.tlsClientChain()) {
-        pemKeyCertOptions.addCertPath(chainCert.toAbsolutePath().toString());
-      }
 
       options.setSsl(true);
       options.setPemKeyCertOptions(pemKeyCertOptions);
 
+      if (!config.tlsClientChain().isEmpty()) {
+        PemTrustOptions pemTrustOptions = new PemTrustOptions();
+        for (Path chainCert : config.tlsClientChain()) {
+          pemTrustOptions.addCertPath(chainCert.toAbsolutePath().toString());
+        }
+        options.setPemTrustOptions(pemTrustOptions);
+      }
+
       Path knownServersFile = config.tlsKnownServers();
       String clientTrustMode = config.tlsClientTrust();
       switch (clientTrustMode) {