diff options
| author | Ramesh Iyyar <rameshi1@in.ibm.com> | 2019-06-22 08:23:29 +0300 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2019-07-09 20:43:52 +0300 |
| commit | c0bf89338fb6058d9876306867730668d11e8b47 (patch) | |
| tree | 2e0079713dba2c837b2d96426a78d39077cb498d /include/ssl_key_handler.hpp | |
| parent | bfd5b826eab854d287542b0a7c540477c6950eb7 (diff) | |
| download | bmcweb-c0bf89338fb6058d9876306867730668d11e8b47.tar.xz | |
Addressed certificate read issue
Certificate reading is failed if Key and Certificate in different order
Git Issue ID:
- https://github.com/openbmc/bmcweb/issues/91
Root Cause:
In uploaded certificate the order is in CSR and then RSA, due
to this certificate reading is failed when same file pointer are used
for read key and certificate.
Solution:
Setting file pointer to point beginning of the file to avoid
key and certificate order error and it will support both order.
Tested By:
- Uploaded the certificate by changing component order.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H
"Content-Type: application/octet-stream" -X POST -T cert.pem
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
Change-Id: I6f6d41e7b8a7c2f7c5ce53c5d1bbdf69189119b2
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
Diffstat (limited to 'include/ssl_key_handler.hpp')
| -rw-r--r-- | include/ssl_key_handler.hpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index 2b67661d62..7aa1c53008 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -72,6 +72,12 @@ inline bool verifyOpensslKeyCert(const std::string &filepath) if (privateKeyValid) { + // If the order is certificate followed by key in input file + // then, certificate read will fail. So, setting the file + // pointer to point beginning of file to avoid certificate and + // key order issue. + fseek(file, 0, SEEK_SET); + X509 *x509 = PEM_read_X509(file, NULL, NULL, NULL); if (x509 == nullptr) { |