0.9.7: Bugfixing validation

This release fixes a validation bug introduced in the previous version where TLS parameters were validated even if the URL didn't point to a `https://` URL.
ContainerSSH · Mar 6, 2021 · 7b2d246 · 7b2d246
1 parent eb3325e
commit 7b2d246
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.9.7: Bugfixing validation
+
+This release fixes a validation bug introduced in the previous version where TLS parameters were validated even if the URL didn't point to a `https://` URL.
+
 ## 0.9.6: Configurable TLS support, unified logging
 
 This release adds configurable TLS versions, ciphers, ECDH curves, as well as transitioning to the unified logging interface. 

diff --git a/client.go b/client.go
@@ -346,14 +346,16 @@ func (c *ClientConfiguration) Validate() error {
 		return err
 	}
 
-	if err := c.TLSVersion.Validate(); err != nil {
-		return fmt.Errorf("invalid TLS version (%w)", err)
-	}
-	if err := c.ECDHCurves.Validate(); err != nil {
-		return fmt.Errorf("invalid curve algorithms (%w)", err)
-	}
-	if err := c.CipherSuites.Validate(); err != nil {
-		return fmt.Errorf("invalid cipher suites (%w)", err)
+	if strings.HasPrefix(c.URL, "https://") {
+		if err := c.TLSVersion.Validate(); err != nil {
+			return fmt.Errorf("invalid TLS version (%w)", err)
+		}
+		if err := c.ECDHCurves.Validate(); err != nil {
+			return fmt.Errorf("invalid curve algorithms (%w)", err)
+		}
+		if err := c.CipherSuites.Validate(); err != nil {
+			return fmt.Errorf("invalid cipher suites (%w)", err)
+		}
 	}
 
 	return c.validateClientCert()