This will be used later for feeding an extra API call Signed-off-by: Emmanuel Kasper <e.kas...@proxmox.com> --- data/PVE/Cluster.pm | 51 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 11 deletions(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm index fef5842..5d69f0c 100644 --- a/data/PVE/Cluster.pm +++ b/data/PVE/Cluster.pm @@ -1443,6 +1443,42 @@ cfs_register_file('datacenter.cfg', \&parse_datacenter_config, \&write_datacenter_config); +sub get_node_ssl_cert { + my ($node) = @_; + + my $cert_path = "/etc/pve/nodes/$node/pve-ssl.pem"; + my $custom_cert_path = "/etc/pve/nodes/$node/pveproxy-ssl.pem"; + + my $cert; + + eval { + my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r'); + $cert = Net::SSLeay::PEM_read_bio_X509($bio); + Net::SSLeay::BIO_free($bio); + }; + + my $err = $@; + + if ($err || !defined($cert)) { + die "unable to read host SSL cert at $cert_path $err\n"; + } + return $cert; +} + +sub get_cert_fingerprint { + my ($cert) = @_; + my $fingerprint; + eval { + $fingerprint = Net::SSLeay::X509_get_fingerprint($cert, 'sha256'); + }; + + my $err = $@; + if ($err || !defined($fingerprint) || $fingerprint eq '') { + die "unable to fingerprint the SSL cert $err\n"; + } + return $fingerprint; +} + # X509 Certificate cache helper my $cert_cache_nodes = {}; @@ -1470,29 +1506,22 @@ sub update_cert_cache { } }; - my $cert_path = "/etc/pve/nodes/$node/pve-ssl.pem"; - my $custom_cert_path = "/etc/pve/nodes/$node/pveproxy-ssl.pem"; - - $cert_path = $custom_cert_path if -f $custom_cert_path; - my $cert; eval { - my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r'); - $cert = Net::SSLeay::PEM_read_bio_X509($bio); - Net::SSLeay::BIO_free($bio); + $cert = get_node_ssl_cert($node); }; my $err = $@; - if ($err || !defined($cert)) { + if ($err) { &$clear_old() if $clear; next; } my $fp; eval { - $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256'); + $fp = get_cert_fingerprint($cert); }; $err = $@; - if ($err || !defined($fp) || $fp eq '') { + if ($err) { &$clear_old() if $clear; next; } -- 2.11.0 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel