CA Proxy: Catch exceptions from VerifyCertificate()

Michael Friedrich 2020-02-17 17:43:11 +01:00
parent 548eb933c9
commit 24397fbee8
1 changed files with 8 additions and 2 deletions


@ -53,7 +53,13 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
String cn = GetCertificateCN(cert); String cn = GetCertificateCN(cert);
bool signedByCA = VerifyCertificate(cacert, cert); bool signedByCA;
try {
signedByCA = VerifyCertificate(cacert, cert);
} catch (const std::exception& ex) {
}
Log(LogInformation, "JsonRpcConnection") Log(LogInformation, "JsonRpcConnection")
<< "Received certificate request for CN '" << cn << "'" << "Received certificate request for CN '" << cn << "'"
@ -199,7 +205,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
* this ensures that the CA we have in /var/lib/icinga2/ca matches the one * this ensures that the CA we have in /var/lib/icinga2/ca matches the one
* we're using for cluster connections (there's no point in sending a client * we're using for cluster connections (there's no point in sending a client
* a certificate it wouldn't be able to use to connect to us anyway) */ * a certificate it wouldn't be able to use to connect to us anyway) */
if (!VerifyCertificate(cacert, newcert)) { if (!signedByCA) {
Log(LogWarning, "JsonRpcConnection") Log(LogWarning, "JsonRpcConnection")
<< "The CA in '" << listener->GetDefaultCaPath() << "' does not match the CA which Icinga uses " << "The CA in '" << listener->GetDefaultCaPath() << "' does not match the CA which Icinga uses "
<< "for its own cluster connections. This is most likely a configuration problem."; << "for its own cluster connections. This is most likely a configuration problem.";
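Review bot: `bool signedByCA;` in the first hunk has no initializer and the catch block as shown is empty, so when VerifyCertificate() throws, the flag is read with an indeterminate value, and that value now also decides the later `if (!signedByCA)` branch. Initialise it with `bool signedByCA = false;` and log `ex.what()` in the handler, so a verification failure is visible and is always treated as "not signed". The second hunk replaces `VerifyCertificate(cacert, newcert)` with that flag, which was computed from `cert`, so the freshly issued certificate no longer appears to be checked against the listener CA as the comment above it describes; keeping the call on `newcert` inside its own try/catch would preserve that check. RequestCertificateHandler's body starts and ends outside both hunks.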