From 3c9581adde0f309a72ceba4d2a1d584c81995cdb Mon Sep 17 00:00:00 2001
From: Xiang Li
Date: Fri, 6 Mar 2015 10:42:23 -0800
Subject: [PATCH] pkg/transport: fix downgrade https to http bug in transport If the TLS config is empty, etcd downgrades https to http without a warning. This commit avoid the downgrade and stoping etcd from bootstrap if it cannot listen on TLS.
---
 pkg/transport/listener.go | 5 ++++-
 pkg/transport/listener_test.go | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkg/transport/listener.go b/pkg/transport/listener.go
index 0c4c59619..d3c0f4d1d 100644
--- a/pkg/transport/listener.go
+++ b/pkg/transport/listener.go
@@ -31,7 +31,10 @@ func NewListener(addr string, scheme string, info TLSInfo) (net.Listener, error)
 return nil, err
 }
 
- if !info.Empty() && scheme == "https" {
+ if scheme == "https" {
+ if info.Empty() {
+ return nil, fmt.Errorf("cannot listen on TLS for %s: KeyFile and CertFile are not presented", scheme+"://"+addr)
+ }
 cfg, err := info.ServerConfig()
 if err != nil {
 return nil, err
diff --git a/pkg/transport/listener_test.go b/pkg/transport/listener_test.go
index 40db7c447..f6565e102 100644
--- a/pkg/transport/listener_test.go
+++ b/pkg/transport/listener_test.go
@@ -70,6 +70,13 @@ func TestNewListenerTLSInfo(t *testing.T) {
 }
 }
 
+func TestNewListenerTLSEmptyInfo(t *testing.T) {
+ _, err := NewListener("127.0.0.1:0", "https", TLSInfo{})
+ if err == nil {
+ t.Errorf("err = nil, want not presented error")
+ }
+}
+
 func TestNewListenerTLSInfoNonexist(t *testing.T) {
 tlsInfo := TLSInfo{CertFile: "@badname", KeyFile: "@badname"}
 _, err := NewListener("127.0.0.1:0", "https", tlsInfo)
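Review bot: In pkg/transport/listener.go the new `info.Empty()` rejection sits after the `return nil, err` at the top of the hunk, which looks like the error check of the listen call, so the socket is probably already bound when this return fires and is never closed. Either close the listener opened above before returning, or run the check first, e.g. `if scheme == "https" && info.Empty() { return nil, fmt.Errorf(...) }` ahead of the listen call, so a misconfigured node never opens the port at all. The message would also read more clearly as `KeyFile and CertFile are not provided`. NewListener's body starts and ends outside the hunk, so the listen call is inferred rather than visible.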
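Review bot: TestNewListenerTLSEmptyInfo in pkg/transport/listener_test.go passes on any error from NewListener, so a bind failure on 127.0.0.1:0 would satisfy it just as well as the new empty-TLSInfo rejection. Tightening the condition to `if err == nil || !strings.Contains(err.Error(), "KeyFile and CertFile") {` (with `strings` imported in the test file) pins the fail-closed path this commit adds. A doc comment such as `// TestNewListenerTLSEmptyInfo checks that an https listener is refused when no cert/key is configured, instead of silently serving plaintext.` would record why the case matters.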