author | 2025-03-07 00:29:19 -0500 | |
---|---|---|
committer | 2025-03-25 15:41:48 -0400 | |
commit | 03cae3b01fe81328561a90119609a81924247cfe (patch) | |
tree | b4755a2bd76f2bed7188004d2dae5e8d6d898efa /src/KuksaConfig.cpp | |
parent | 07ba7e2c705e0d180ce976fec36a2bdea23c3294 (diff) |
Rework TLS configuration to add an explicit "use-tls" option like
newer clients have, and to make using a CA certificate optional
to allow potentially using issued certificates. The new option
defaults to TLS disabled, which is a breaking change for most
existing configuration files.
Bug-AGL: SPEC-5387
Change-Id: Id27726a3a4f2f32b521e5ac4bed029780654d8d9
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'src/KuksaConfig.cpp')
-rw-r--r-- | src/KuksaConfig.cpp | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/KuksaConfig.cpp b/src/KuksaConfig.cpp index 8fe09f6..ffb2162 100644 --- a/src/KuksaConfig.cpp +++ b/src/KuksaConfig.cpp @@ -16,8 +16,6 @@ namespace property_tree = boost::property_tree; namespace filesystem = boost::filesystem; -#define DEFAULT_CA_CERT_FILE "/etc/kuksa-val/CA.pem" - inline void load_string_file(const filesystem::path& p, std::string& str) { @@ -35,11 +33,15 @@ void load_string_file(const filesystem::path& p, std::string& str) KuksaConfig::KuksaConfig(const std::string &hostname, const unsigned port, + const bool useTls, + const std::string &caCertFileName, const std::string &caCert, const std::string &tlsServerName, const std::string &authToken) : m_hostname(hostname), m_port(port), + m_useTls(useTls), + m_caCertFileName(caCertFileName), m_caCert(caCert), m_tlsServerName(tlsServerName), m_authToken(authToken), @@ -75,7 +77,7 @@ KuksaConfig::KuksaConfig(const std::string &appname) : const property_tree::ptree &settings = pt.get_child("kuksa-client", property_tree::ptree()); - m_hostname = settings.get("server", "localhost"); + m_hostname = settings.get("hostname", "localhost"); std::stringstream ss; ss << m_hostname; ss >> std::quoted(m_hostname); 
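Review bot: In the third hunk (`@@ -75,7 +77,7 @@`), renaming the lookup key from `server` to `hostname` means an existing configuration that still uses `server` is no longer read, and `m_hostname` quietly becomes `localhost`. The commit message announces the `use-tls` default as a breaking change but does not mention this one, so a client could end up connecting, and presumably presenting its authorization token, to whatever listens locally instead of the intended server. Accepting the old key as a fallback keeps existing files working: `m_hostname = settings.get("hostname", settings.get("server", "localhost"));`. If the old key is dropped on purpose, a message on `std::cerr` when `server` is present would make the change visible. The constructor body starts and ends outside this hunk.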
@@ -90,18 +92,19 @@ KuksaConfig::KuksaConfig(const std::string &appname) : return; } - std::string caCertFileName = settings.get("ca-certificate", DEFAULT_CA_CERT_FILE); + m_useTls = settings.get("use-tls", false); + + std::string caCertFileName = settings.get("ca-certificate", ""); std::stringstream().swap(ss); ss << caCertFileName; ss >> std::quoted(caCertFileName); - if (caCertFileName.empty()) { - std::cerr << "Invalid CA certificate filename" << std::endl; - return; - } - readFile(caCertFileName, m_caCert); - if (m_caCert.empty()) { - std::cerr << "Invalid CA certificate file" << std::endl; - return; + m_caCertFileName = caCertFileName; + if (!caCertFileName.empty()) { + readFile(caCertFileName, m_caCert); + if (m_caCert.empty()) { + std::cerr << "Invalid CA certificate file" << std::endl; + return; + } } m_tlsServerName = settings.get("tls-server-name", ""); |
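Review bot: `m_useTls = settings.get("use-tls", false);` falls back to plaintext without any message when the key is missing or its value does not convert to bool. The neighbouring `hostname` and `ca-certificate` values are passed through `std::quoted`, which suggests quoted values occur in these files, so `use-tls = "true"` would presumably be read as false. A configuration that still sets `ca-certificate` or an authorization token would then connect unencrypted without the operator noticing. Reading the option as a string, unquoting it like the other settings, rejecting unknown values and warning when `ca-certificate` is set while TLS is off would make the downgrade visible. The constructor body starts and continues outside this hunk.

```cpp
std::string useTls = settings.get("use-tls", "false");
std::stringstream().swap(ss);
ss << useTls;
ss >> std::quoted(useTls);
if (useTls == "true" || useTls == "1") {
	m_useTls = true;
} else if (useTls == "false" || useTls == "0") {
	m_useTls = false;
} else {
	// An unparsable value must not silently select plaintext.
	std::cerr << "Invalid use-tls value" << std::endl;
	return;
}

// … unchanged: ca-certificate lookup and unquoting …
m_caCertFileName = caCertFileName;
if (!m_useTls && !caCertFileName.empty()) {
	std::cerr << "ca-certificate is set but use-tls is not enabled, connection will not be encrypted" << std::endl;
}
// … unchanged: readFile of the CA certificate and tls-server-name lookup …
```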