Cli: Catch ssl errors in pki request command

fixes #7426
This commit is contained in:
Michael Friedrich 2014-10-23 16:07:48 +02:00
parent e80fd0fbfa
commit 339d0604e1
4 changed files with 39 additions and 9 deletions

View File

@ -173,16 +173,46 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
{
TcpSocket::Ptr client = make_shared<TcpSocket>();
try {
client->Connect(host, port);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "'";
Log(LogDebug, "cli")
<< "Cannot connect to host '" << host << "' on port '" << port << "':\n" << DiagnosticInformation(ex);
return 1;
}
shared_ptr<SSL_CTX> sslContext = MakeSSLContext(certfile, keyfile);
shared_ptr<SSL_CTX> sslContext = make_shared<SSL_CTX>();
try {
sslContext = MakeSSLContext(certfile, keyfile);
} catch (const std::exception& ex) {
Log(LogCritical, "cli")
<< "Cannot make SSL context for cert path: '" << certfile << "' key path: '" << keyfile << "' ca path: '" << cafile << "'.";
return 1;
}
TlsStream::Ptr stream = make_shared<TlsStream>(client, RoleClient, sslContext);
try {
stream->Handshake();
} catch (const std::exception&) {
Log(LogCritical, "cli", "Client TLS handshake failed.");
return 1;
}
shared_ptr<X509> peerCert = stream->GetPeerCertificate();
shared_ptr<X509> trustedCert = GetX509Certificate(trustedfile);
shared_ptr<X509> trustedCert = make_shared<X509>();
try {
trustedCert = GetX509Certificate(trustedfile);
} catch (const std::exception&) {
Log(LogCritical, "cli")
<< "Cannot get trusted from cert path: '" << trustedfile << "'.";
return 1;
}
if (CertificateToString(peerCert) != CertificateToString(trustedCert)) {
Log(LogCritical, "cli", "Peer certificate does not match trusted certificate.");

View File

@ -59,7 +59,7 @@ void RepositoryCommitCommand::InitParameters(boost::program_options::options_des
}
/**
* The entry point for the "object list" CLI command.
* The entry point for the "repository commit" CLI command.
*
* @returns An exit status.
*/

View File

@ -29,7 +29,7 @@ namespace icinga
{
/**
* The "object list" command.
* The "repository commit" command.
*
* @ingroup cli
*/

View File

@ -142,7 +142,7 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
{
if (ap.empty()) {
Log(LogCritical, "cli")
<< "No object name given. Bailing out.\n";
<< "No object name given. Bailing out.";
return 1;
}
@ -157,9 +157,9 @@ int RepositoryObjectCommand::Run(const boost::program_options::variables_map& vm
BOOST_FOREACH(const String& kv, attrs) {
boost::algorithm::split(tokens, kv, boost::is_any_of("="));
if (tokens.size() == 2)
if (tokens.size() == 2) {
attr->Set(tokens[0], tokens[1]);
else
} else
Log(LogWarning, "cli")
<< "Cannot parse passed attributes for object '" << name << "': " << boost::algorithm::join(tokens, "=");
}