author | Ed Tanous <ed@tanous.net> | 2024-03-28 08:03:05 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-06-10 18:18:59 +0300 |
commit | 099225cc9300c8e06b742a48318df75b0366561f (patch) | |
tree | 59725b175cf3b47f2cc94d0abaf8db02d303e952 /http/http_server.hpp | |
parent | 2ecde74fa187366dc4ed628e61a88015cdbeb769 (diff) | |
download | bmcweb-099225cc9300c8e06b742a48318df75b0366561f.tar.xz |
Make cert generate for readonly directories
When run from a development PC, we shouldn't REQUIRE that the cert
directory exists or is writable.
This commit reworks the SSL cert generation to generate a string with
the certification info, instead of writing it to disk and reading it
back. This allows bmcweb to start up in read-only environments, or
environments where there isn't access to the key information.
Tested: Launching the application on a dev desktop without an ssl
directory present no longer crashes.
Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'http/http_server.hpp')
-rw-r--r-- | http/http_server.hpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/http/http_server.hpp b/http/http_server.hpp index 206a0d175e..6088ca1a2e 100644 --- a/http/http_server.hpp +++ b/http/http_server.hpp @@ -17,6 +17,7 @@ #include <filesystem> #include <future> #include <memory> +#include <string> #include <utility> #include <vector> @@ -96,9 +97,19 @@ class Server fs::path certFile = certPath / "server.pem"; BMCWEB_LOG_INFO("Building SSL Context file={}", certFile.string()); std::string sslPemFile(certFile); - ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile); + std::string cert = + ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile); + if (cert.empty()) + { + throw std::runtime_error("Failed to load string"); + } std::shared_ptr<boost::asio::ssl::context> sslContext = - ensuressl::getSslContext(sslPemFile); + ensuressl::getSslContext(cert); + if (sslContext == nullptr) + { + throw std::runtime_error("Failed to load certificate"); + } + BMCWEB_LOG_DEBUG("Replaced certificate"); adaptorCtx = sslContext; handler->ssl(std::move(sslContext)); } |
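Review bot: in the second hunk, the `cert.empty()` branch throws `std::runtime_error("Failed to load string")`, which gives no hint of what failed; the message should say that the certificate could not be loaded or generated, and should include `sslPemFile` so the path shows up with the error. The unchanged `BMCWEB_LOG_INFO("Building SSL Context file={}", certFile.string())` line still reads as if the file is always the source, while the commit message says the certificate may now be a generated string when the directory is missing or read-only, so the log wording deserves a second look. `BMCWEB_LOG_DEBUG("Replaced certificate")` is emitted unconditionally once the context is built; if this path also runs at first start-up, "Loaded certificate" would be more accurate. The hunk introduces `std::runtime_error`, but the first hunk adds only `<string>`, and `<stdexcept>` is not among the includes visible here, so add it if it is not already included earlier in the file.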