ApiListener#RenewCert(): enable optional CA creation

Alexander A. Klimov 2023-11-06 10:34:16 +01:00
parent 7b55df6f11
commit 36a08b0497
2 changed files with 3 additions and 3 deletions


@ -181,12 +181,12 @@ void ApiListener::OnConfigLoaded()
UpdateSSLContext(); UpdateSSLContext();
} }
std::shared_ptr<X509> ApiListener::RenewCert(const std::shared_ptr<X509>& cert) std::shared_ptr<X509> ApiListener::RenewCert(const std::shared_ptr<X509>& cert, bool ca)
{ {
std::shared_ptr<EVP_PKEY> pubkey (X509_get_pubkey(cert.get()), EVP_PKEY_free); std::shared_ptr<EVP_PKEY> pubkey (X509_get_pubkey(cert.get()), EVP_PKEY_free);
auto subject (X509_get_subject_name(cert.get())); auto subject (X509_get_subject_name(cert.get()));
auto cacert (GetX509Certificate(GetDefaultCaPath())); auto cacert (GetX509Certificate(GetDefaultCaPath()));
auto newcert (CreateCertIcingaCA(pubkey.get(), subject)); auto newcert (CreateCertIcingaCA(pubkey.get(), subject, ca));
/* verify that the new cert matches the CA we're using for the ApiListener; /* verify that the new cert matches the CA we're using for the ApiListener;
* this ensures that the CA we have in /var/lib/icinga2/ca matches the one * this ensures that the CA we have in /var/lib/icinga2/ca matches the one
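Review bot: In RenewCert(), the new `ca` argument goes straight into `CreateCertIcingaCA(pubkey.get(), subject, ca)` with no check that the certificate being renewed is itself a CA certificate. If that third argument marks the issued certificate as a CA (its implementation is not shown here), a caller passing `true` for a certificate that came from an endpoint would give that endpoint's key signing authority under the local CA. A guard at the top of the function, for example `if (ca && !X509_check_ca(cert.get()))` followed by a logged refusal, would tie the flag to the input certificate. RenewCert()'s body continues past the end of this hunk, so the failure path such a guard should reuse is not visible.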


@ -91,7 +91,7 @@ public:
static String GetCaDir(); static String GetCaDir();
static String GetCertificateRequestsDir(); static String GetCertificateRequestsDir();
std::shared_ptr<X509> RenewCert(const std::shared_ptr<X509>& cert); std::shared_ptr<X509> RenewCert(const std::shared_ptr<X509>& cert, bool ca = false);
void UpdateSSLContext(); void UpdateSSLContext();
static ApiListener::Ptr GetInstance(); static ApiListener::Ptr GetInstance();
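Review bot: The declaration `RenewCert(const std::shared_ptr<X509>& cert, bool ca = false)` has no comment saying what `ca` selects, and call sites will read as `RenewCert(cert, true)`. Going by the commit title, the flag decides whether a CA certificate is created, so I would document it at the declaration, e.g. `/* ca: create a CA certificate instead of a leaf certificate; defaults to false */`. A two-value enum instead of a bare bool would also make the privileged call sites easy to find in review.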