From 4dca59ed276f90fea1f79cf72cdeb23371f39ba8 Mon Sep 17 00:00:00 2001
From: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com>
Date: Mon, 7 Apr 2025 21:45:49 +0500
Subject: [PATCH] [filer] void panic if s3opt.tlsCACertificate is nill (#6685)

* fix issues/6684

* add s3.cacert.file option for filer
---
 weed/command/filer.go | 1 +
 weed/command/s3.go    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/weed/command/filer.go b/weed/command/filer.go
index 55ea1169d..1a341ac69 100644
--- a/weed/command/filer.go
+++ b/weed/command/filer.go
@@ -114,6 +114,7 @@ func init() {
 	filerS3Options.dataCenter = cmdFiler.Flag.String("s3.dataCenter", "", "prefer to read and write to volumes in this data center")
 	filerS3Options.tlsPrivateKey = cmdFiler.Flag.String("s3.key.file", "", "path to the TLS private key file")
 	filerS3Options.tlsCertificate = cmdFiler.Flag.String("s3.cert.file", "", "path to the TLS certificate file")
+	filerS3Options.tlsCACertificate = cmdFiler.Flag.String("s3.cacert.file", "", "path to the TLS CA certificate file")
 	filerS3Options.config = cmdFiler.Flag.String("s3.config", "", "path to the config file")
 	filerS3Options.auditLogConfig = cmdFiler.Flag.String("s3.auditLogConfig", "", "path to the audit log config file")
 	filerS3Options.allowEmptyFolder = cmdFiler.Flag.Bool("s3.allowEmptyFolder", true, "allow empty folders")
diff --git a/weed/command/s3.go b/weed/command/s3.go
index 84042b3e0..06eb5529b 100644
--- a/weed/command/s3.go
+++ b/weed/command/s3.go
@@ -312,7 +312,7 @@ func (s3opt *S3Options) startS3Server() bool {
 		}
 
 		caCertPool := x509.NewCertPool()
-		if *s3opt.tlsCACertificate != "" {
+		if s3opt.tlsCACertificate != nil && *s3opt.tlsCACertificate != "" {
 			// load CA certificate file and add it to list of client CAs
 			caCertFile, err := ioutil.ReadFile(*s3opt.tlsCACertificate)
 			if err != nil {