Module: check_mk
Branch: master
Commit: caa59f8f4bb249c7abb51a7d2c7a45c73e5f5916
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=caa59f8f4bb249…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 19 15:59:14 2017 +0200
Improved error handling during building Check_MK trusted CA bundle
Change-Id: I271da35de907f51c77551118b4e0f50a8f40d231
---
web/htdocs/watolib.py | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index ccc3b31..436a44e 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -422,7 +422,7 @@ class ConfigDomainCACertificates(ConfigDomain):
def activate(self):
try:
- self._update_trusted_cas()
+ return self._update_trusted_cas()
except Exception, e:
log_exception()
return ["Failed to create trusted CA file '%s': %s" %
@@ -430,32 +430,39 @@ class ConfigDomainCACertificates(ConfigDomain):
def _update_trusted_cas(self):
- trusted_cas = []
+ trusted_cas, errors = [], []
if config.trusted_certificate_authorities["use_system_wide_cas"]:
- trusted_cas += self._get_system_wide_trusted_ca_certificates()
+ trusted, errors = self._get_system_wide_trusted_ca_certificates()
+ trusted_cas += trusted
trusted_cas += config.trusted_certificate_authorities["trusted_cas"]
store.save_file(self.trusted_cas_file, "\n".join(trusted_cas))
+ return errors
def _get_system_wide_trusted_ca_certificates(self):
- trusted_cas = []
+ trusted_cas, errors = [], []
for cert_path in self.system_wide_trusted_ca_search_paths:
if not os.path.isdir(cert_path):
continue
for entry in os.listdir(cert_path):
- ext = os.path.splitext(entry)[-1]
- if ext != ".pem":
- continue
+ try:
+ ext = os.path.splitext(entry)[-1]
+ if ext != ".pem":
+ continue
- trusted_cas.append(file(os.path.join(cert_path, entry)).read())
+ trusted_cas.append(file(os.path.join(cert_path, entry)).read())
+ except IOError:
+ log_exception()
+ errors.append("Failed to add certificate '%s' to trusted
CA certificates. "
+ "See web.log for details." %
os.path.join(cert_path, entry))
break
- return trusted_cas
+ return trusted_cas, errors
#.
# .--Hosts & Folders-----------------------------------------------------.