Fix validation for server tls verify configs

Signed-off-by: Firgeis <firgeis@gmail.com>
2026-02-28 07:27:31 +08:00 · 2022-01-13 11:40:12 -03:00
parent c92364561e
commit 9f8c24a0bc
1 changed files with 22 additions and 14 deletions
--- a/bitnami/pgbouncer/1/debian-10/rootfs/opt/bitnami/scripts/libpgbouncer.sh
+++ b/bitnami/pgbouncer/1/debian-10/rootfs/opt/bitnami/scripts/libpgbouncer.sh
@@ -96,20 +96,28 @@ pgbouncer_validate() {

    # TLS Checks (server)
    if [[ "$PGBOUNCER_SERVER_TLS_SSLMODE" != "disable" ]]; then
-        if [[ -z "$PGBOUNCER_SERVER_TLS_CERT_FILE" ]]; then
-            print_validation_error "You must provide a X.509 certificate in order to use server TLS"
-        elif [[ ! -f "$PGBOUNCER_SERVER_TLS_CERT_FILE" ]]; then
-            print_validation_error "The X.509 server certificate file in the specified path ${PGBOUNCER_SERVER_TLS_CERT_FILE} does not exist"
-        fi
-        if [[ -z "$PGBOUNCER_SERVER_TLS_KEY_FILE" ]]; then
-            print_validation_error "You must provide a private key in order to use server TLS"
-        elif [[ ! -f "$PGBOUNCER_SERVER_TLS_KEY_FILE" ]]; then
-            print_validation_error "The server private key file in the specified path ${PGBOUNCER_SERVER_TLS_KEY_FILE} does not exist"
-        fi
-        if [[ -z "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
-            warn "A CA X.509 certificate was not provided. Server verification will not be performed in TLS connections"
-        elif [[ ! -f "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
-            print_validation_error "The server CA X.509 certificate file in the specified path ${PGBOUNCER_SERVER_TLS_CA_FILE} does not exist"
+        if [[ "$PGBOUNCER_SERVER_TLS_SSLMODE" != "verify-ca" && "$PGBOUNCER_SERVER_TLS_SSLMODE" != "verify-full" ]]; then 
+            if [[ -z "$PGBOUNCER_SERVER_TLS_CERT_FILE" ]]; then
+                print_validation_error "You must provide a X.509 certificate in order to use server TLS"
+            elif [[ ! -f "$PGBOUNCER_SERVER_TLS_CERT_FILE" ]]; then
+                print_validation_error "The X.509 server certificate file in the specified path ${PGBOUNCER_SERVER_TLS_CERT_FILE} does not exist"
+            fi
+            if [[ -z "$PGBOUNCER_SERVER_TLS_KEY_FILE" ]]; then
+                print_validation_error "You must provide a private key in order to use server TLS"
+            elif [[ ! -f "$PGBOUNCER_SERVER_TLS_KEY_FILE" ]]; then
+                print_validation_error "The server private key file in the specified path ${PGBOUNCER_SERVER_TLS_KEY_FILE} does not exist"
+            fi
+            if [[ -z "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
+                warn "A CA X.509 certificate was not provided. Server verification will not be performed in TLS connections"
+            elif [[ ! -f "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
+                print_validation_error "The server CA X.509 certificate file in the specified path ${PGBOUNCER_SERVER_TLS_CA_FILE} does not exist"
+            fi
+        elif
+            if [[ -z "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
+                print_validation_error "A CA X.509 certificate was not provided. You need to set this value when specifying server_tls_sslmode to verify-ca or verify-full"
+            elif [[ ! -f "$PGBOUNCER_SERVER_TLS_CA_FILE" ]]; then
+                print_validation_error "The server CA X.509 certificate file in the specified path ${PGBOUNCER_SERVER_TLS_CA_FILE} does not exist"
+            fi
        fi
    fi