[checkmk-commits] Trusted CA certificates: Also read .crt files from cert dirs;

Prevent duplicate CA entries Message-ID: <5947ee4e.h2dohNJCosc4bbcJ%lm(a)mathias-kettner.de> User-Agent: Heirloom mailx 12.5 6/20/10 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: 69d64f4d95a6c7c9e0db4b4bbcd9a5fa40dc17c3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=69d64f4d95a6c7… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 19 16:51:25 2017 +0200 Trusted CA certificates: Also read .crt files from cert dirs; Prevent duplicate CA entries Change-Id: I7d5f05cc40cad4ca5918dabfa5891db199ad8c69 --- web/htdocs/watolib.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index 436a44e..bddd9f7 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -412,6 +412,9 @@ class ConfigDomainCACertificates(ConfigDomain): "/etc/pki/tls/certs", # CentOS/RedHat ] + _PEM_RE = re.compile( + b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END CERTIFICATE-----\r?\n?""", re.DOTALL) + def config_dir(self): return multisite_dir @@ -443,7 +446,7 @@ class ConfigDomainCACertificates(ConfigDomain): def _get_system_wide_trusted_ca_certificates(self): - trusted_cas, errors = [], [] + trusted_cas, errors = set([]), [] for cert_path in self.system_wide_trusted_ca_search_paths: if not os.path.isdir(cert_path): continue @@ -451,10 +454,10 @@ class ConfigDomainCACertificates(ConfigDomain): for entry in os.listdir(cert_path): try: ext = os.path.splitext(entry)[-1] - if ext != ".pem": + if ext not in [ ".pem", ".crt" ]: continue - trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + trusted_cas.update(self._get_certificates_from_file(os.path.join(cert_path, entry))) except IOError: log_exception() errors.append("Failed to add certificate '%s' to trusted CA certificates. " @@ -462,7 +465,12 @@ class ConfigDomainCACertificates(ConfigDomain): break - return trusted_cas, errors + return list(trusted_cas), errors + + def _get_certificates_from_file(self, path): + return [ match.group(0) for match in self._PEM_RE.finditer(open(path).read()) ] + + #. # .--Hosts & Folders-----------------------------------------------------.