authorEd Tanous <ed@tanous.net>2024-03-28 08:03:05 +0300
committerEd Tanous <ed@tanous.net>2024-06-10 18:18:59 +0300
commit099225cc9300c8e06b742a48318df75b0366561f (patch)
tree59725b175cf3b47f2cc94d0abaf8db02d303e952 /http/http_server.hpp
parent2ecde74fa187366dc4ed628e61a88015cdbeb769 (diff)
downloadbmcweb-099225cc9300c8e06b742a48318df75b0366561f.tar.xz
Make cert generate for readonly directories
When run from a development PC, we shouldn't REQUIRE that the cert directory exists or is writable. This commit reworks the SSL cert generation to generate a string with the certification info, instead of writing it to disk and reading it back. This allows bmcweb to start up in read-only environments, or environments where there isn't access to the key information. Tested: Launching the application on a dev desktop without an ssl directory present no longer crashes. Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'http/http_server.hpp')
-rw-r--r--http/http_server.hpp15
1 files changed, 13 insertions, 2 deletions
diff --git a/http/http_server.hpp b/http/http_server.hpp
index 206a0d175e..6088ca1a2e 100644
--- a/http/http_server.hpp
+++ b/http/http_server.hpp
@@ -17,6 +17,7 @@
#include <filesystem>
#include <future>
#include <memory>
+#include <string>
#include <utility>
#include <vector>
@@ -96,9 +97,19 @@ class Server
fs::path certFile = certPath / "server.pem";
BMCWEB_LOG_INFO("Building SSL Context file={}", certFile.string());
std::string sslPemFile(certFile);
- ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile);
+ std::string cert =
+ ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile);
+ if (cert.empty())
+ {
+ throw std::runtime_error("Failed to load string");
+ }
std::shared_ptr<boost::asio::ssl::context> sslContext =
- ensuressl::getSslContext(sslPemFile);
+ ensuressl::getSslContext(cert);
+ if (sslContext == nullptr)
+ {
+ throw std::runtime_error("Failed to load certificate");
+ }
+ BMCWEB_LOG_DEBUG("Replaced certificate");
adaptorCtx = sslContext;
handler->ssl(std::move(sslContext));
}
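Review bot: The first added throw reports `"Failed to load string"`, which tells an operator nothing about what failed; since `cert` is the PEM text returned by `ensureOpensslKeyPresentAndValid`, a message such as `throw std::runtime_error("Failed to load or generate TLS certificate");` would keep the two failure paths distinguishable. The retained `BMCWEB_LOG_INFO("Building SSL Context file={}", ...)` and the new `BMCWEB_LOG_DEBUG("Replaced certificate")` do not say whether the context came from the file on disk or from a certificate that exists only in memory; going by the commit message, a read-only directory presumably now yields a fresh, unpersisted certificate on every start, which clients cannot pin, so that case deserves its own log line at INFO or WARNING. `cert` presumably also carries the private key, so it is worth confirming that it is never logged and considering a wipe once `getSslContext` returns, for example `OPENSSL_cleanse(cert.data(), cert.size());`. `std::runtime_error` is declared in `<stdexcept>`, which is not among the includes visible in the first hunk. The enclosing function begins outside this hunk, so whether callers expect these new exceptions cannot be checked from here.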