From 0aeca6bbf5b08d0f28f969162c0e5475c9ed7469 Mon Sep 17 00:00:00 2001
From: Eugene Bujak <hmage@hmage.net>
Date: Tue, 12 Feb 2019 17:23:03 +0300
Subject: [PATCH] Don't keep certificates and keys encoded with base64 in yaml
 config

---
 control.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/control.go b/control.go
index 344cd6af..4ce261ca 100644
--- a/control.go
+++ b/control.go
@@ -1034,6 +1034,14 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 // ---
 func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
 	data := config.TLS
+	if data.CertificateChain != "" {
+		encoded := base64.StdEncoding.EncodeToString([]byte(data.CertificateChain))
+		data.CertificateChain = string(encoded)
+	}
+	if data.PrivateKey != "" {
+		encoded := base64.StdEncoding.EncodeToString([]byte(data.PrivateKey))
+		data.PrivateKey = string(encoded)
+	}
 	err := json.NewEncoder(w).Encode(&data)
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
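Review bot: The JSON written by handleTLSStatus still contains `data.PrivateKey`, so every client that can reach this status endpoint receives the server's TLS private key, merely base64-wrapped. A status view presumably only needs to know whether a key is configured, so consider replacing the second `if` block with `data.PrivateKey = ""` before encoding. First confirm what the frontend reads and how this route is authenticated, since neither is visible in the hunk. Separately, `string(encoded)` is a no-op conversion in both blocks because `EncodeToString` already returns a string. The function body continues past the end of the hunk.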
@@ -1057,6 +1065,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 			httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
 			return
 		}
+		data.CertificateChain = string(certPEM)
 
 		log.Printf("got certificate: %s", certPEM)
 
@@ -1067,6 +1076,8 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 
+			data.PrivateKey = string(keyPEM)
+
 			_, err = tls.X509KeyPair(certPEM, keyPEM)
 			if err != nil {
 				httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
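Review bot: `data.PrivateKey = string(keyPEM)` silently changes the field's encoding mid-function, from base64 as received in the request to raw PEM, and the certificate assignment in the previous hunk does the same for `data.CertificateChain`. Nothing tells the next reader which form the struct holds at which point. A short comment on each assignment would make the contract explicit, e.g. `// request carries base64; store decoded PEM so the config keeps PEM and handleTLSStatus re-encodes on output`. The key is also stored before `tls.X509KeyPair` has validated it; this is safe only if every later failure path returns without persisting `data`, which the hunk does not show. Since the struct now carries the key in directly usable PEM form, also check that nothing further down logs or dumps `data` the way the context line `log.Printf("got certificate: %s", certPEM)` logs the certificate.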