author | 2025-03-07 00:35:47 -0500 | |
---|---|---|
committer | 2025-03-25 15:44:43 -0400 | |
commit | e2ad7f96f1e4f3ec88848daca5909e3ae01b2126 (patch) | |
tree | 9e43a9ecf0a368819dac315258428c0d89e4d2e9 /src/KuksaConfig.cpp | |
parent | 2e7d2c7a4d9c6dd37552c69a896286aa7dacd2c3 (diff) |
Rework TLS configuration to add an explicit "use-tls" option like
newer clients have, and to make using a CA certificate optional
to allow potentially using issued certificates. The new option
defaults to TLS disabled, which is a breaking change for most
existing configuration files.
Bug-AGL: SPEC-5387
Change-Id: Ic21caf403733a015853f70c9928f930ab9834710
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'src/KuksaConfig.cpp')
-rw-r--r-- | src/KuksaConfig.cpp | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/KuksaConfig.cpp b/src/KuksaConfig.cpp index 8fe09f6..ffb2162 100644 --- a/src/KuksaConfig.cpp +++ b/src/KuksaConfig.cpp @@ -16,8 +16,6 @@ namespace property_tree = boost::property_tree; namespace filesystem = boost::filesystem; -#define DEFAULT_CA_CERT_FILE "/etc/kuksa-val/CA.pem" - inline void load_string_file(const filesystem::path& p, std::string& str) { @@ -35,11 +33,15 @@ void load_string_file(const filesystem::path& p, std::string& str) KuksaConfig::KuksaConfig(const std::string &hostname, const unsigned port, + const bool useTls, + const std::string &caCertFileName, const std::string &caCert, const std::string &tlsServerName, const std::string &authToken) : m_hostname(hostname), m_port(port), + m_useTls(useTls), + m_caCertFileName(caCertFileName), m_caCert(caCert), m_tlsServerName(tlsServerName), m_authToken(authToken), @@ -75,7 +77,7 @@ KuksaConfig::KuksaConfig(const std::string &appname) : const property_tree::ptree &settings = pt.get_child("kuksa-client", property_tree::ptree()); - m_hostname = settings.get("server", "localhost"); + m_hostname = settings.get("hostname", "localhost"); std::stringstream ss; ss << m_hostname; ss >> std::quoted(m_hostname); 
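Review bot: The key rename in `m_hostname = settings.get("hostname", "localhost");` is a second breaking change that the commit message does not mention, and it fails silently: a configuration file that still uses `server` now resolves to `localhost` with no diagnostic, so the client may talk to a different endpoint than the one the operator configured. If existing files are meant to keep working, the old key could serve as the fallback, `m_hostname = settings.get("hostname", settings.get("server", std::string("localhost")));`, or a message could be written to `std::cerr` when `server` is present and `hostname` is not. At minimum the description should list the rename next to the `use-tls` default. The constructor this line belongs to starts and ends outside the hunk.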
@@ -90,18 +92,19 @@ KuksaConfig::KuksaConfig(const std::string &appname) : return; } - std::string caCertFileName = settings.get("ca-certificate", DEFAULT_CA_CERT_FILE); + m_useTls = settings.get("use-tls", false); + + std::string caCertFileName = settings.get("ca-certificate", ""); std::stringstream().swap(ss); ss << caCertFileName; ss >> std::quoted(caCertFileName); - if (caCertFileName.empty()) { - std::cerr << "Invalid CA certificate filename" << std::endl; - return; - } - readFile(caCertFileName, m_caCert); - if (m_caCert.empty()) { - std::cerr << "Invalid CA certificate file" << std::endl; - return; + m_caCertFileName = caCertFileName; + if (!caCertFileName.empty()) { + readFile(caCertFileName, m_caCert); + if (m_caCert.empty()) { + std::cerr << "Invalid CA certificate file" << std::endl; + return; + } } m_tlsServerName = settings.get("tls-server-name", ""); |
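Review bot: With `use-tls` defaulting to `false`, a configuration that predates the option but still sets `ca-certificate` is silently downgraded to a plaintext connection, and nothing in this hunk reports it. The object also carries `m_authToken`, so the token would presumably travel unencrypted in that case, although the code that opens the connection is not visible here. A warning after the file name is parsed would make the downgrade visible: `if (!m_useTls && !caCertFileName.empty()) std::cerr << "ca-certificate is set but use-tls is not enabled; TLS will not be used" << std::endl;`. Separately, the early `return` on an unreadable CA file now leaves `m_useTls` and `m_caCertFileName` set while `m_caCert` is empty, so the consumer should check that combination rather than treat an empty `m_caCert` as "no CA configured, use default trust". The constructor starts and ends outside the hunk.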