From 5fad42d809eb9904a5b3138b7f55baafdbc25239 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Mon, 22 Oct 2018 14:14:44 -0400 Subject: [PATCH] rgw: SSE operations check rgw_transport_is_secure() Fixes: http://tracker.ceph.com/issues/27221 Signed-off-by: Casey Bodley (cherry picked from commit 8f94643) Signed-off-by: Jonathan Brielmaier --- src/rgw/rgw_crypt.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc index 03dcf6df49dfb..3516db5847079 100644 --- a/src/rgw/rgw_crypt.cc +++ b/src/rgw/rgw_crypt.cc @@ -936,7 +936,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s, return -ERR_INVALID_ENCRYPTION_ALGORITHM; } if (s->cct->_conf->rgw_crypt_require_ssl && - !s->info.env->exists("SERVER_PORT_SECURE")) { + !rgw_transport_is_secure(s->cct, *s->info.env)) { ldout(s->cct, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl; return -ERR_INVALID_REQUEST; } @@ -1042,7 +1042,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s, return -EINVAL; } if (s->cct->_conf->rgw_crypt_require_ssl && - !s->info.env->exists("SERVER_PORT_SECURE")) { + !rgw_transport_is_secure(s->cct, *s->info.env)) { ldout(s->cct, 5) << "ERROR: insecure request, rgw_crypt_require_ssl is set" << dendl; return -ERR_INVALID_REQUEST; } @@ -1158,7 +1158,7 @@ int rgw_s3_prepare_decrypt(struct req_state* s, if (stored_mode == "SSE-C-AES256") { if (s->cct->_conf->rgw_crypt_require_ssl && - !s->info.env->exists("SERVER_PORT_SECURE")) { + !rgw_transport_is_secure(s->cct, *s->info.env)) { ldout(s->cct, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl; return -ERR_INVALID_REQUEST; } @@ -1240,7 +1240,7 @@ int rgw_s3_prepare_decrypt(struct req_state* s, if (stored_mode == "SSE-KMS") { if (s->cct->_conf->rgw_crypt_require_ssl && - !s->info.env->exists("SERVER_PORT_SECURE")) { + !rgw_transport_is_secure(s->cct, *s->info.env)) { ldout(s->cct, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl; return -ERR_INVALID_REQUEST; } -- 2.39.5