Cli: Catch ssl errors in pki request command

fixes #7426
This commit is contained in:
Michael Friedrich 2014-10-23 16:07:48 +02:00
parent e80fd0fbfa
commit 339d0604e1
4 changed files with 39 additions and 9 deletions


@ -173,16 +173,46 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
{ {
TcpSocket::Ptr client = make_shared<TcpSocket>(); TcpSocket::Ptr client = make_shared<TcpSocket>();
client->Connect(host, port); try {
client->Connect(host, port);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "'";
Log(LogDebug, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
return 1;
}
shared_ptr<SSL_CTX> sslContext = MakeSSLContext(certfile, keyfile); shared_ptr<SSL_CTX> sslContext = make_shared<SSL_CTX>();
try {
sslContext = MakeSSLContext(certfile, keyfile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'.";
return 1;
}
TlsStream::Ptr stream = make_shared<TlsStream>(client, RoleClient, sslContext); TlsStream::Ptr stream = make_shared<TlsStream>(client, RoleClient, sslContext);
stream->Handshake(); try {
stream->Handshake();
} catch (const std::exception&) {
Log(LogCritical, "cli", "Client TLS handshake failed.");
return 1;
}
shared_ptr<X509> peerCert = stream->GetPeerCertificate(); shared_ptr<X509> peerCert = stream->GetPeerCertificate();
shared_ptr<X509> trustedCert = GetX509Certificate(trustedfile);
shared_ptr<X509> trustedCert = make_shared<X509>();
try {
trustedCert = GetX509Certificate(trustedfile);
} catch (const std::exception&) {
Log(LogCritical, "cli")
<< "Cannot get trusted from cert path: '" << trustedfile << "'.";
return 1;
}
if (CertificateToString(peerCert) != CertificateToString(trustedCert)) { if (CertificateToString(peerCert) != CertificateToString(trustedCert)) {
Log(LogCritical, "cli", "Peer certificate does not match trusted certificate."); Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");
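Review bot: The placeholders `shared_ptr<SSL_CTX> sslContext = make_shared<SSL_CTX>();` and `shared_ptr<X509> trustedCert = make_shared<X509>();` create OpenSSL objects with plain C++ allocation instead of `SSL_CTX_new`/`X509_new` and tear them down with the default deleter instead of `SSL_CTX_free`/`X509_free`; on the success path each placeholder is discarded the moment the try block assigns the real object, so it is dead work, but it pairs the wrong allocator with the type and will not compile against OpenSSL builds where these structs are opaque. Declare them empty instead, `shared_ptr<SSL_CTX> sslContext;` and `shared_ptr<X509> trustedCert;`, and keep the assignment inside the try. The SSL-context catch binds `ex` but never uses it, unlike the Connect catch just above; adding `Log(LogDebug, "cli") << "Cannot make SSL context: " << DiagnosticInformation(ex);` (and the equivalent in the handshake and trusted-cert catches, which currently discard the exception entirely) keeps the underlying OpenSSL reason reachable under debug logging without widening the user-facing message. RequestCertificate's body continues past the end of this hunk.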


@ -59,7 +59,7 @@ void RepositoryCommitCommand::InitParameters(boost::program_options::options_des
} }
/** /**
* The entry point for the "object list" CLI command. * The entry point for the "repository commit" CLI command.
* *
* @returns An exit status. * @returns An exit status.
*/ */


@ -29,7 +29,7 @@ namespace icinga
{ {
/** /**
* The "object list" command. * The "repository commit" command.
* *
* @ingroup cli * @ingroup cli
*/ */


@ -142,7 +142,7 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
{ {
if (ap.empty()) { if (ap.empty()) {
Log(LogCritical, "cli") Log(LogCritical, "cli")
<< "No object name given. Bailing out.\n"; << "No object name given. Bailing out.";
return 1; return 1;
} }
@ -157,9 +157,9 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
BOOST_FOREACH(const String& kv, attrs) { BOOST_FOREACH(const String& kv, attrs) {
boost::algorithm::split(tokens, kv, boost::is_any_of("=")); boost::algorithm::split(tokens, kv, boost::is_any_of("="));
if (tokens.size() == 2) if (tokens.size() == 2) {
attr->Set(tokens[0], tokens[1]); attr->Set(tokens[0], tokens[1]);
else } else
Log(LogWarning, "cli") Log(LogWarning, "cli")
<< "Cannot parse passed attributes for object '" << name << "': " << boost::algorithm::join(tokens, "="); << "Cannot parse passed attributes for object '" << name << "': " << boost::algorithm::join(tokens, "=");
} }
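Review bot: In the attribute-parsing loop the `if (tokens.size() == 2) {` branch gained braces while the `} else` branch stays brace-less around a two-line `Log(LogWarning, "cli") << ...` statement, which is the same shape the braces were added to avoid; close it as `} else {` followed by the Log statement and a `}`. The enclosing Run() body starts and ends outside this hunk.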