summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2022-01-05 17:55:09 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2022-01-05 17:55:09 -0700
commitb4bfa29be2191ffacfa4ed747bd5cdce8da8917f (patch)
tree92da66d08a6edc0a4155b8cbe5cf0ffac549daae
parent6cadb60fa2308f24a20a32c3f8d5e3a521c277ff (diff)
admin: Require identity for remote (fix #4478)
-rw-r--r--admin.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/admin.go b/admin.go
index 6960de5..0a7b933 100644
--- a/admin.go
+++ b/admin.go
@@ -466,6 +466,9 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
}
// create TLS config that will enforce mutual authentication
+ if identityCertCache == nil {
+ return fmt.Errorf("cannot enable remote admin without a certificate cache; configure identity management to initialize a certificate cache")
+ }
cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false)
tlsConfig := cmCfg.TLSConfig()
tlsConfig.NextProtos = nil // this server does not solve ACME challenges