Merge pull request #3086 from fluent/raise-error-for-broken-cert

Raise an error for broken certificate file. fix #3085

lib/fluent/plugin_helper/cert_option.rb

@@ -185,7 +185,7 @@ def cert_option_certificates_from_file(path)
         list = []
         data.scan(pattern){|match| list << OpenSSL::X509::Certificate.new(match) }
         if list.length == 0
-          log.warn "cert_path does not contain a valid certificate"
+          raise Fluent::ConfigError, "cert_path does not contain a valid certificate"
         end
         list
       end

lib/fluent/plugin_helper/socket.rb

@@ -199,7 +199,7 @@ def socket_certificates_from_file(path)
         list = []
         data.scan(pattern) { |match| list << OpenSSL::X509::Certificate.new(match) }
         if list.length == 0
-          log.warn "cert_path does not contain a valid certificate"
+          raise Fluent::ConfigError, "cert_path does not contain a valid certificate"
         end
         list
       end

test/plugin_helper/test_cert_option.rb

@@ -15,4 +15,11 @@ class Dummy < Fluent::Plugin::TestBase
     certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/cert-with-CRLF.pem")
     assert_equal(1, certs.length)
   end
+
+  test 'raise an error for broken certificates_from_file file' do
+    d = Dummy.new
+    assert_raise Fluent::ConfigError do
+      certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/empty.pem")
+    end
+  end
 end

test/plugin_helper/test_socket.rb

@@ -128,4 +128,12 @@ def do_start
       client.close
     end
   end
+
+  test 'with empty cert file' do
+    cert_path = File.expand_path(File.dirname(__FILE__) + '/data/cert/empty.pem')
+
+    assert_raise Fluent::ConfigError do
+      SocketHelperTestPlugin.new.socket_create_tls('127.0.0.1', PORT, cert_path: cert_path)
+    end
+  end
 end