[checkmk-commits] Improved error handling during building Check_MK trusted CA bundle

Module: check_mk Branch: master Commit: caa59f8f4bb249c7abb51a7d2c7a45c73e5f5916 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=caa59f8f4bb249… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 19 15:59:14 2017 +0200 Improved error handling during building Check_MK trusted CA bundle Change-Id: I271da35de907f51c77551118b4e0f50a8f40d231 --- web/htdocs/watolib.py | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index ccc3b31..436a44e 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -422,7 +422,7 @@ class ConfigDomainCACertificates(ConfigDomain): def activate(self): try: - self._update_trusted_cas() + return self._update_trusted_cas() except Exception, e: log_exception() return ["Failed to create trusted CA file '%s': %s" % @@ -430,32 +430,39 @@ class ConfigDomainCACertificates(ConfigDomain): def _update_trusted_cas(self): - trusted_cas = [] + trusted_cas, errors = [], [] if config.trusted_certificate_authorities["use_system_wide_cas"]: - trusted_cas += self._get_system_wide_trusted_ca_certificates() + trusted, errors = self._get_system_wide_trusted_ca_certificates() + trusted_cas += trusted trusted_cas += config.trusted_certificate_authorities["trusted_cas"] store.save_file(self.trusted_cas_file, "\n".join(trusted_cas)) + return errors def _get_system_wide_trusted_ca_certificates(self): - trusted_cas = [] + trusted_cas, errors = [], [] for cert_path in self.system_wide_trusted_ca_search_paths: if not os.path.isdir(cert_path): continue for entry in os.listdir(cert_path): - ext = os.path.splitext(entry)[-1] - if ext != ".pem": - continue + try: + ext = os.path.splitext(entry)[-1] + if ext != ".pem": + continue - trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + except IOError: + log_exception() + errors.append("Failed to add certificate '%s' to trusted CA certificates. " + "See web.log for details." % os.path.join(cert_path, entry)) break - return trusted_cas + return trusted_cas, errors #. # .--Hosts & Folders-----------------------------------------------------.