function _M.check_ssl_conf()

in apisix/ssl.lua [255:305]


--- Validate an SSL configuration object before it is accepted.
--
-- Checks, in order:
--   1. the schema (`core.schema.ssl`), only when `in_dp` is falsy;
--   2. the primary `conf.cert` / `conf.key` pair;
--   3. for non-"client" objects, each `conf.certs[i]` / `conf.keys[i]` pair;
--   4. for non-"client" objects, `conf.client.ca`, when `conf.client` is set.
--
-- A cert/key pair is passed to `validate` only when NEITHER value is
-- recognised by `secret.check_secret_uri`. If either side is a secret
-- reference, the whole pair is skipped here, including any literal PEM on
-- the other side.
-- NOTE(review): presumably such pairs are validated after the secret is
-- resolved; confirm against the code that fetches secrets.
--
-- @param in_dp truthy to skip the schema check
--        (NOTE(review): presumably set on the data plane, where the object
--        was already schema-checked on write; confirm against callers)
-- @param conf  the SSL object to check
-- @return true on success
-- @return nil, err (string) on the first failed check
function _M.check_ssl_conf(in_dp, conf)
    -- With in_dp set, nothing below verifies the overall shape of conf;
    -- only the individual fields read here are examined.
    if not in_dp then
        local schema_ok, schema_err = core.schema.check(core.schema.ssl, conf)
        if not schema_ok then
            return nil, "invalid configuration: " .. schema_err
        end
    end

    -- Primary pair: only checked when both halves are literal values.
    if not (secret.check_secret_uri(conf.cert)
            or secret.check_secret_uri(conf.key)) then
        local pair_ok, pair_err = validate(conf.cert, conf.key)
        if not pair_ok then
            return nil, pair_err
        end
    end

    -- "client" objects stop here: certs/keys and conf.client are not examined.
    if conf.type == "client" then
        return true
    end

    local extra_certs, extra_keys = conf.certs, conf.keys

    local cert_count = 0
    if extra_certs then
        cert_count = #extra_certs
    end

    local key_count = 0
    if extra_keys then
        key_count = #extra_keys
    end

    -- Every additional certificate needs a key at the same index.
    if cert_count ~= key_count then
        return nil, "mismatched number of certs and keys"
    end

    for idx = 1, cert_count do
        local cert_i, key_i = extra_certs[idx], extra_keys[idx]

        -- Same rule as the primary pair: a secret reference on either side
        -- skips validation of this pair.
        if not (secret.check_secret_uri(cert_i)
                or secret.check_secret_uri(key_i)) then
            local pair_ok, pair_err = validate(cert_i, key_i)
            if not pair_ok then
                return nil, "failed to handle cert-key pair[" .. idx .. "]: " .. pair_err
            end
        end
    end

    -- No client verification settings: nothing more to check.
    if not conf.client then
        return true
    end

    -- Reject the object rather than accept client-verification settings
    -- that support_client_verification() reports as unsupported.
    if not support_client_verification() then
        return nil, "client tls verify unsupported"
    end

    -- Only the CA is passed; there is no key to pair it with.
    local ca_ok, ca_err = validate(conf.client.ca, nil)
    if not ca_ok then
        return nil, "failed to validate client_cert: " .. ca_err
    end

    return true
end