From 099225cc9300c8e06b742a48318df75b0366561f Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Wed, 27 Mar 2024 22:03:05 -0700 Subject: Make cert generate for readonly directories When run from a development PC, we shouldn't REQUIRE that the cert directory exists or is writable. This commit reworks the SSL cert generation to generate a string with the certification info, instead of writing it to disk and reading it back. This allows bmcweb to start up in read-only environments, or environments where there isn't access to the key information. Tested: Launching the application on a dev desktop without an ssl directory present no longer crashes. Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c Signed-off-by: Ed Tanous --- http/http_server.hpp | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'http/http_server.hpp') diff --git a/http/http_server.hpp b/http/http_server.hpp index 206a0d175e..6088ca1a2e 100644 --- a/http/http_server.hpp +++ b/http/http_server.hpp @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -96,9 +97,19 @@ class Server fs::path certFile = certPath / "server.pem"; BMCWEB_LOG_INFO("Building SSL Context file={}", certFile.string()); std::string sslPemFile(certFile); - ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile); + std::string cert = + ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile); + if (cert.empty()) + { + throw std::runtime_error("Failed to load string"); + } std::shared_ptr sslContext = - ensuressl::getSslContext(sslPemFile); + ensuressl::getSslContext(cert); + if (sslContext == nullptr) + { + throw std::runtime_error("Failed to load certificate"); + } + BMCWEB_LOG_DEBUG("Replaced certificate"); adaptorCtx = sslContext; handler->ssl(std::move(sslContext)); } -- cgit v1.2.3