Checkmk git commits June 2017

checkmk-commits@lists.checkmk.com

13 participants
266 discussions

4868 FIX oracle_tablespace: Restrict data for check from primary

by Simon Betz

Module: check_mk Branch: master Commit: cab5a661eec2f4b97da18e382704330debecb854 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cab5a661eec2f4… Author: Simon Betz <si(a)mathias-kettner.de> Date: Fri Jun 16 15:20:03 2017 +0200 4868 FIX oracle_tablespace: Restrict data for check from primary Thwew is a chance for wrong check results in Data-Guard Environments with READ ONLY Standby-Databases, when a delay for redo apply has been configured. Change-Id: Ifdf81e10cc03d8be39e4845ce2cdee208b62e971 --- .werks/4868 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.werks/4868 b/.werks/4868 new file mode 100644 index 0000000..6c32cd6 --- /dev/null +++ b/.werks/4868 @@ -0,0 +1,13 @@ +Title: oracle_tablespace: Restrict data for check from primary +Level: 1 +Component: checks +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1497619176 + +Thwew is a chance for wrong check results in Data-Guard Environments +with READ ONLY Standby-Databases, when a delay for redo apply has +been configured.

7 years

4785 FIX oracle_locks: New SQL for check

by Simon Betz

Module: check_mk Branch: master Commit: 03fe5ba2c19f5e1c52d66a061d6b556efb322c96 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=03fe5ba2c19f5e… Author: Simon Betz <si(a)mathias-kettner.de> Date: Fri Jun 16 15:15:34 2017 +0200 4785 FIX oracle_locks: New SQL for check The behavior of this check has been changed. There is no output for object_owner and object_name anymore. This has been removed for performance reasons. The check is moved from ASYNC to SYNC, due to very easy SQL for getting the data. The problem with lot of wrong alarms has been solved as well. The old SQL is still existing for users who wants the object_owner and object_name in check result. Please be aware that the old problems are still there. Please make sure that the old check is configured as ASYNC-Check. Otherwise you risk high performance issues in mk_oracle! Please define the following lines in mk_oracle.cfg to get the old behavior: SYNC_SECTIONS="instance sessions logswitches undostat recovery_area processes recovery_status longactivesessions dataguard_stats performance" ASYNC_SECTIONS="tablespaces rman jobs ts_quotas resumable locks_old" Change-Id: Ia3a4df0459f895e521f96668f69e79f97f4ff5fb --- .werks/4785 | 25 +++++++++++++++++++++++++ agents/plugins/mk_oracle | 40 ++++++++++++++++++++++++++++++++++++++-- checks/oracle_locks | 22 +++++++++++++++++++--- 3 files changed, 82 insertions(+), 5 deletions(-) diff --git a/.werks/4785 b/.werks/4785 new file mode 100644 index 0000000..b804fdf --- /dev/null +++ b/.werks/4785 @@ -0,0 +1,25 @@ +Title: oracle_locks: New SQL for check +Level: 1 +Component: checks +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1497618876 + +The behavior of this check has been changed. There is no output +for object_owner and object_name anymore. This has been removed +for performance reasons. The check is moved from ASYNC to SYNC, due +to very easy SQL for getting the data. The problem with lot of wrong +alarms has been solved as well. + +The old SQL is still existing for users who wants the object_owner +and object_name in check result. Please be aware that the old problems +are still there. Please make sure that the old check is configured +as ASYNC-Check. Otherwise you risk high performance issues in mk_oracle! + +Please define the following lines in mk_oracle.cfg to get the old +behavior: +SYNC_SECTIONS="instance sessions logswitches undostat recovery_area processes recovery_status longactivesessions dataguard_stats performance" +ASYNC_SECTIONS="tablespaces rman jobs ts_quotas resumable locks_old" diff --git a/agents/plugins/mk_oracle b/agents/plugins/mk_oracle index edcd2c0..b199eea 100755 --- a/agents/plugins/mk_oracle +++ b/agents/plugins/mk_oracle @@ -72,12 +72,12 @@ fi # '----------------------------------------------------------------------' # Sections that run fast and do no caching -SYNC_SECTIONS="instance sessions logswitches undostat recovery_area processes recovery_status longactivesessions dataguard_stats performance" +SYNC_SECTIONS="instance sessions logswitches undostat recovery_area processes recovery_status longactivesessions dataguard_stats performance locks" # Sections that are run in the background and at a larger interval. # Note: sections not listed in SYNC_SECTIONS or ASYNC_SECTIONS will not be # executed at all! -ASYNC_SECTIONS="tablespaces rman jobs ts_quotas resumable locks" +ASYNC_SECTIONS="tablespaces rman jobs ts_quotas resumable" # Sections that are run in the background and at a larger interval. # Note: _ASM_ sections are only executed when SID starts with '+' @@ -577,6 +577,42 @@ sql_logswitches() sql_locks() { + if [ "$AT_LEAST_ORACLE_102" = 'yes' ] ; then + echo 'prompt <<<oracle_locks:sep(124)>>>' + echo "select upper(i.instance_name) + || '|' || b.sid + || '|' || b.serial# + || '|' || b.machine + || '|' || b.program + || '|' || b.process + || '|' || b.osuser + || '|' || b.username + || '|' || b.SECONDS_IN_WAIT + || '|' || b.BLOCKING_SESSION_STATUS + || '|' || bs.inst_id + || '|' || bs.sid + || '|' || bs.serial# + || '|' || bs.machine + || '|' || bs.program + || '|' || bs.process + || '|' || bs.osuser + || '|' || bs.username + from v\$session b + join v\$instance i on 1=1 + join gv\$session bs on bs.inst_id = b.BLOCKING_INSTANCE + and bs.sid = b.BLOCKING_SESSION + where b.BLOCKING_SESSION is not null +; + select upper(i.instance_name) + || '|||||||||||||||||' + from v\$instance i +; + " + fi +} + +sql_locks_old() +{ if [ "$AT_LEAST_ORACLE_101" = 'yes' ] ; then echo 'prompt <<<oracle_locks:sep(124)>>>' echo "SET SERVEROUTPUT ON feedback off diff --git a/checks/oracle_locks b/checks/oracle_locks index 5c67f74..549f2dc 100644 --- a/checks/oracle_locks +++ b/checks/oracle_locks @@ -26,8 +26,8 @@ # <<<oracle_locks>>> # TUX12C|273|2985|ora12c.local|sqlplus(a)ora12c.local (TNS V1-V3)|46148|oracle|633|NULL|NULL +# newdb|25|15231|ol6131|sqlplus@ol6131 (TNS V1-V3)|13275|oracle|SYS|3782|VALID|1|407|1463|ol6131|sqlplus@ol6131 (TNS V1-V3)|13018|oracle|SYS -# oracle_sid, sid#, serial#, machine, program, process, osuser, ctime object_owner object_name factory_settings["oracle_locks_defaults"] = { "levels" : (1800, 3600), @@ -51,8 +51,24 @@ def check_oracle_locks(item, params, info): elif isinstance(err, tuple): return err - sid, sidnr, serial, machine, program, process, osuser, ctime, \ - object_owner, object_name = line + if len(line) == 10: + + # old format from locks_old in current plugin + sid, sidnr, serial, machine, program, process, osuser, ctime, \ + object_owner, object_name = line + + elif len(line) == 18: + + sid, sidnr, serial, machine, program, process, osuser, dbusername, ctime, \ + block_status, blk_inst_id, blk_sid, blk_serial, blk_machine, blk_program, \ + blk_process, blk_osuser, blk_dbusername = line + + object_owner = '' + object_name = '' + + else: + + raise MKCounterWrapped("Unknow number of items in agent output") ctime = int(ctime)

7 years

Reserved 20 Werk IDS

by Simon Betz

Module: check_mk Branch: master Commit: 4e45601d4e21da38a120a8eba51737ee9530cc59 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4e45601d4e21da… Author: Simon Betz <si(a)mathias-kettner.de> Date: Fri Jun 16 15:19:22 2017 +0200 Reserved 20 Werk IDS Change-Id: If88b7e729209e165089e514c0dec0415eb0a9fc3 --- .werks/first_free | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.werks/first_free b/.werks/first_free index eee707e..a155f5a 100644 --- a/.werks/first_free +++ b/.werks/first_free @@ -1 +1 @@ -4868 +4888

7 years

4784 FIX oracle_rman: wrong detection of level 1 backup

by Simon Betz

Module: check_mk Branch: master Commit: 3586a4d65fb0e0e8b221815b46ba6e7dc147a7a1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3586a4d65fb0e0… Author: Simon Betz <si(a)mathias-kettner.de> Date: Fri Jun 16 15:09:28 2017 +0200 4784 FIX oracle_rman: wrong detection of level 1 backup The behavior of some v$-Views in 12.1 has been changed. This could lead to problems when a new Level 0 backup was done after a Level 1. The calculation for the last Level 1 was wrong and has been fixed. Change-Id: Ie15956de7ee19ae59d2e8cf97cbf195331de4a51 --- .werks/4784 | 14 ++++++++++++++ checks/oracle_rman | 18 +++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/.werks/4784 b/.werks/4784 new file mode 100644 index 0000000..dc6e401 --- /dev/null +++ b/.werks/4784 @@ -0,0 +1,14 @@ +Title: oracle_rman: wrong detection of level 1 backup +Level: 1 +Component: checks +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1497618545 + +The behavior of some v$-Views in 12.1 has been changed. +This could lead to problems when a new Level 0 backup +was done after a Level 1. The calculation for the last Level +1 was wrong and has been fixed. diff --git a/checks/oracle_rman b/checks/oracle_rman index 6a44d23..eb5192b 100644 --- a/checks/oracle_rman +++ b/checks/oracle_rman @@ -118,12 +118,24 @@ def check_oracle_rman(item, params, info): else: if item == "%s.%s_%s" % (sid, backuptype, backuplevel): # we got a line from agent - # => use the data from agent - used_incr_0 = False + # is last level 0 younger then current? + + # 12.1 has a change behavior in v$-views for RMAN... + if int(backupage_level0) <= int(backupage): + + # use the level instead of current + used_incr_0 = True + backupage = backupage_level0 + + else: + + # => use the data from agent + used_incr_0 = False else: # use the DB_INCR_0 from agent used_incr_0 = True - sid, end, backupage = sid_level0, end_level0, backupage_level0 + if sid_level0 and end_level0 and backupage_level0: + sid, end, backupage = sid_level0, end_level0, backupage_level0 perfdata = [] state = 2

7 years

4831 FIX HW/SW inventory: fixed missing inventory data from slave sites for new hosts

by Andreas Boesl

Module: check_mk Branch: master Commit: 5591fa45b855012937dec22a4232bc0dd3da28ff URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5591fa45b85501… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Fri Jun 16 12:54:03 2017 +0200 4831 FIX HW/SW inventory: fixed missing inventory data from slave sites for new hosts The liveproxyd had problems to transfer inventory data for new hosts to the master site, due to an incorrect cached timestamp. The data was only updated when either the liveproxd restarted or the hw/sw inventory data of this host changed. Change-Id: Idaeaaf43a3ae876aca09bf2b50cd0cd287f03f90 --- .werks/4831 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.werks/4831 b/.werks/4831 new file mode 100644 index 0000000..e40ebd5 --- /dev/null +++ b/.werks/4831 @@ -0,0 +1,13 @@ +Title: HW/SW inventory: fixed missing inventory data from slave sites for new hosts +Level: 1 +Component: inv +Compatible: compat +Edition: cee +Version: 1.5.0i1 +Date: 1497606655 +Class: fix + +The liveproxyd had problems to transfer inventory data for new hosts to the master site, due to an incorrect cached timestamp. + +The data was only updated when either the liveproxd restarted or the hw/sw inventory data of this host changed. +

7 years

4757 SEC Fixed possible reflected XSS in webapi.py

by Lars Michelsen

Module: check_mk Branch: master Commit: 14a5b79c6f549502244a60146ed6831dc3473f2a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=14a5b79c6f5495… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jun 14 19:57:33 2017 +0200 4757 SEC Fixed possible reflected XSS in webapi.py In the Check_MK 1.4 branch URLs like this could be used for a reflected XSS attack: <tt>http://<test host>/<site>/check_mk/webapi.py?_username=<script>alert("XSS")</script>&_secret=AnythingHere The error message was interpreted as HTML while it should be a plain text error message. This has been fixed now. Change-Id: Id4f61d6739d1846666031faad00505b22ba45d1f --- .werks/4757 | 17 +++++++++++++++++ web/htdocs/index.py | 6 ++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.werks/4757 b/.werks/4757 new file mode 100644 index 0000000..a9e561b --- /dev/null +++ b/.werks/4757 @@ -0,0 +1,17 @@ +Title: Fixed possible reflected XSS in webapi.py +Level: 2 +Component: multisite +Class: security +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1497462847 + +In the Check_MK 1.4 branch URLs like this could be used for a +reflected XSS attack: + +<tt>http://<test host>/<site>/check_mk/webapi.py?_username=<script>alert("XSS")</script>&_secret=AnythingHere + +The error message was interpreted as HTML while it should be a +plain text error message. This has been fixed now. diff --git a/web/htdocs/index.py b/web/htdocs/index.py index 2c84a6a..a0f29dd 100644 --- a/web/htdocs/index.py +++ b/web/htdocs/index.py @@ -71,7 +71,7 @@ def handler(mod_python_req, fields = None, is_profiling = False): try: handler() except Exception, e: - html.write("%s" % e) + html.write_text("%s" % e) if config.debug: html.write_text(traceback.format_exc()) raise FinalizeRequest() @@ -117,6 +117,7 @@ def handler(mod_python_req, fields = None, is_profiling = False): plain_title = e.plain_title() if plain_error(): + html.set_output_format("text") html.write("%s: %s\n" % (plain_title, e)) elif not fail_silently(): html.header(title) @@ -142,7 +143,8 @@ def handler(mod_python_req, fields = None, is_profiling = False): html.unplug_all() log_exception() if plain_error(): - html.write_text(_("Internal error") + ": %s\n" % e) + html.set_output_format("text") + html.write(_("Internal error") + ": %s\n" % e) elif not fail_silently(): modules.get_handler("gui_crash")() response_code = apache.OK

7 years

Added missing default config for trusted_certificate_authorities

by Lars Michelsen

Module: check_mk Branch: master Commit: e574add3852f7f6ed07416d2d48a00667612153b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e574add3852f7f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jun 14 19:40:30 2017 +0200 Added missing default config for trusted_certificate_authorities Change-Id: Ibd176ded6e0445cf8466d77a8ec47fe2ac4419df --- web/plugins/config/builtin.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/web/plugins/config/builtin.py b/web/plugins/config/builtin.py index 67f6146..2e02099 100644 --- a/web/plugins/config/builtin.py +++ b/web/plugins/config/builtin.py @@ -337,3 +337,8 @@ export_folder_permissions = False # Name of the hostgroup to filter the network topology view by default topology_default_filter_group = None + +trusted_certificate_authorities = { + "use_system_wide_cas": True, + "trusted_cas": [], +}

7 years

Moved trusted CA management code to cmk git

by Lars Michelsen

Module: check_mk Branch: master Commit: 36cef0036e7d65d89ad17c098ceb25826de2a4d6 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=36cef0036e7d65… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jun 14 17:07:37 2017 +0200 Moved trusted CA management code to cmk git Change-Id: I248e144454ae1f52234410b098e8df6208bd9814 --- web/htdocs/watolib.py | 62 ++++++++++++++++++++++++++++++ web/plugins/wato/check_mk_configuration.py | 36 +++++++++++++++++ 2 files changed, 98 insertions(+) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index 599e1e2..c5e9cd3 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -395,6 +395,68 @@ class ConfigDomainEventConsole(ConfigDomain): call_hook_mkeventd_activate_changes() + +class ConfigDomainCACertificates(ConfigDomain): + needs_sync = True + needs_activation = True + ident = "ca-certificates" + + trusted_cas_file = "%s/var/ssl/ca-certificates.crt" % cmk.paths.omd_root + + # This is a list of directories that may contain .pem files of trusted CAs. + # The contents of all .pem files will be contantenated together and written + # to "trusted_cas_file". This is done by the function update_trusted_cas(). + # On a system only a single directory, the first existing one is processed. + system_wide_trusted_ca_search_paths = [ + "/etc/ssl/certs", # Ubuntu/Debian/SLES + "/etc/pki/tls/certs", # CentOS/RedHat + ] + + def config_dir(self): + return multisite_dir + + + def config_file(self, site_specific=False): + return os.path.join(self.config_dir(), "ca-certificates.mk") + + + def activate(self): + try: + self._update_trusted_cas() + except Exception, e: + log_exception() + return ["Failed to create trusted CA file '%s': %s" % + (self.trusted_cas_file, traceback.format_exc())] + + + def _update_trusted_cas(self): + trusted_cas = [] + + if config.trusted_certificate_authorities["use_system_wide_cas"]: + trusted_cas += self._get_system_wide_trusted_ca_certificates() + + trusted_cas += config.trusted_certificate_authorities["trusted_cas"] + + store.save_file(self.trusted_cas_file, "\n".join(trusted_cas)) + + + def _get_system_wide_trusted_ca_certificates(self): + trusted_cas = [] + for cert_path in self.system_wide_trusted_ca_search_paths: + if not os.path.isdir(cert_path): + continue + + for entry in os.listdir(cert_path): + ext = os.path.splitext(entry)[-1] + if ext != ".pem": + continue + + trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + + break + + return trusted_cas + #. # .--Hosts & Folders-----------------------------------------------------. # | _ _ _ ___ _____ _ _ | diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index 9637b20..1cb61fb 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -903,6 +903,42 @@ register_configvar(group, ) +register_configvar(_("Site Management"), + "trusted_certificate_authorities", + Dictionary( + title = _("Trusted certificate authorities for SSL"), + help = _("Whenever a server component of Check_MK opens a SSL connection it uses the " + "certificate authorities configured here for verifying the SSL certificate of " + "the destination server. This is used for example when performing WATO " + "replication to slave sites or when special agents are communicating via HTTPS. " + "The CA certificates configured here will be written to the CA bundle %s.") % + site_neutral_path(ConfigDomainCACertificates.trusted_cas_file), + elements = [ + ("use_system_wide_cas", Checkbox( + title = _("Use system wide CAs"), + help = _("All supported linux distributions provide a mechanism of managing " + "trusted CAs. Depending on your linux distributions the paths where " + "these CAs are stored and the commands to manage the CAs differ. " + "Please checko out the documentation of your linux distribution " + "in case you want to customize trusted CAs system wide. You can " + "choose here to trust the system wide CAs here. Check_MK will search " + "these directories for system wide CAs: %s") % + ", ".join(ConfigDomainCACertificates.system_wide_trusted_ca_search_paths), + label = _("Trust system wide configured CAs"), + default_value = True, + )), + ("trusted_cas", ListOfCAs( + title = _("Check_MK specific"), + allow_empty = True, + default_value = [], + )), + ], + optional_keys = False, + ), + domain = ConfigDomainCACertificates, + need_restart = True, +) + #. # .--WATO----------------------------------------------------------------. # | __ ___ _____ ___ |

7 years

Create var/ssl/ ca-certificates.crt right after first access to WATO after update

by Lars Michelsen

Module: check_mk Branch: master Commit: 9a2830a54a9be6571e40843d7a760d595d0c40a9 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9a2830a54a9be6… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jun 14 16:48:57 2017 +0200 Create var/ssl/ca-certificates.crt right after first access to WATO after update Change-Id: Ib59e5ef0294f526acfa749499ac73cd0a3782f15 --- web/htdocs/wato.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 4b53b34..cbbdf3d 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -125,6 +125,9 @@ def init_wato_datastructures(with_wato_lock=False): if with_wato_lock: lock_exclusive() + if not os.path.exists(ConfigDomainCACertificates.trusted_cas_file): + ConfigDomainCACertificates().activate() + create_sample_config() init_watolib_datastructures()

7 years

Moved CA valuespec to common Check_MK code

by Lars Michelsen

Module: check_mk Branch: master Commit: 244aa980e35b899626f7833476abd175c8aa9afe URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=244aa980e35b89… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jun 14 15:15:59 2017 +0200 Moved CA valuespec to common Check_MK code Change-Id: I4191d8cdd2e24299ac6ce0430ff6946494858323 --- web/htdocs/valuespec.py | 80 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index b7886e8..344e365 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -4347,3 +4347,83 @@ class SchedulePeriod(CascadingDropdown): Integer(minvalue=1, maxvalue=28)), ] + from_end_choice ) + + + +class CAorCAChain(UploadOrPasteTextFile): + def __init__(self, **args): + args.setdefault("title", _("Certificate Chain (Root / Intermediate Certificate)")) + args.setdefault("file_title", _("CRT/PEM File")) + UploadOrPasteTextFile.__init__(self, **args) + + + def from_html_vars(self, varprefix): + value = Alternative.from_html_vars(self, varprefix) + if type(value) == tuple: + value = value[2] # FileUpload sends (filename, mime-type, content) + return value + + + def validate_value(self, value, varprefix): + try: + self.analyse_cert(value) + except Exception, e: + # FIXME TODO: Cleanup this general exception catcher + raise MKUserError(varprefix, _("Invalid certificate file")) + + + def analyse_cert(self, value): + from OpenSSL import crypto + cert = crypto.load_certificate(crypto.FILETYPE_PEM, value) + titles = { + "C" : _("Country"), + "ST" : _("State or Province Name"), + "L" : _("Locality Name"), + "O" : _("Organization Name"), + "CN" : _("Common Name"), + } + cert_info = {} + for what, x509, title in [ + ( "issuer", cert.get_issuer(), _("Issuer") ), + ( "subject", cert.get_subject(), _("Subject") ), + ]: + cert_info[what] = {} + for key, val in x509.get_components(): + if key in titles: + cert_info[what][titles[key]] = val.decode("utf8") + return cert_info + + + def value_to_text(self, value): + cert_info = self.analyse_cert(value) + text = "<table>" + for what, title in [ + ( "issuer", _("Issuer") ), + ( "subject", _("Subject") ), + ]: + text += "<tr><td>%s:</td><td>" % title + for title, value in sorted(cert_info[what].items()): + text += "%s: %s<br>" % (title, value) + text += "</tr>" + text += "</table>" + return text + + + +# Move this to wato.py or valuespec.py as soon as we need this at least +# once again somewhere +def ListOfCAs(**args): + args.setdefault("title", _("CAs to accept")) + args.setdefault("help", _("Only accepting HTTPS connections with a server which certificate " + "is signed with one of the CAs that are listed here. That way it is guaranteed " + "that it is communicating only with the authentic update server. " + "If you use self signed certificates for you server then enter that certificate " + "here.")) + args.setdefault("add_label", _("Add new CA certificate or chain")) + args.setdefault("empty_text", _("You need to enter at least one CA. Otherwise no SSL connection can be made.")) + args.setdefault("allow_empty", False) + return ListOf( + CAorCAChain(), + movable = False, + **args + )

7 years

← Newer
1
...
14
15
16
17
18
19
20
...
27
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits June 2017