cert: make die helper a private sub and fix code style on use

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2023-03-07 18:02:55 +01:00
parent 60a05ecd88
commit 74bb32adde


@ -179,7 +179,7 @@ sub der_to_pem {
return "-----BEGIN $label-----\n$b64\n-----END $label-----\n"; return "-----BEGIN $label-----\n$b64\n-----END $label-----\n";
} }
my $ssl_die = sub { my sub ssl_die {
my ($msg) = @_; my ($msg) = @_;
Net::SSLeay::die_now($msg); Net::SSLeay::die_now($msg);
}; };
@ -196,7 +196,7 @@ my $read_certificate = sub {
die "'$cert_path' does not exist!\n" if ! -e $cert_path; die "'$cert_path' does not exist!\n" if ! -e $cert_path;
my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r') my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r')
or $ssl_die->("unable to read '$cert_path' - $!\n"); or ssl_die("unable to read '$cert_path' - $!\n");
my $cert = Net::SSLeay::PEM_read_bio_X509($bio); my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
Net::SSLeay::BIO_free($bio); Net::SSLeay::BIO_free($bio);
@ -208,9 +208,9 @@ my $read_certificate = sub {
sub convert_asn1_to_epoch { sub convert_asn1_to_epoch {
my ($asn1_time) = @_; my ($asn1_time) = @_;
$ssl_die->("invalid ASN1 time object\n") if !$asn1_time; ssl_die("invalid ASN1 time object\n") if !$asn1_time;
my $iso_time = Net::SSLeay::P_ASN1_TIME_get_isotime($asn1_time); my $iso_time = Net::SSLeay::P_ASN1_TIME_get_isotime($asn1_time);
$ssl_die->("unable to parse ASN1 time\n") if $iso_time eq ''; ssl_die("unable to parse ASN1 time\n") if $iso_time eq '';
return Date::Parse::str2time($iso_time); return Date::Parse::str2time($iso_time);
} }
@ -238,27 +238,19 @@ sub check_certificate_matches_key {
die "Certificate key '$key_path' does not exist!\n" if ! -e $key_path; die "Certificate key '$key_path' does not exist!\n" if ! -e $key_path;
my $ctx = Net::SSLeay::CTX_new() my $ctx = Net::SSLeay::CTX_new()
or $ssl_die->( or ssl_die("Failed to create SSL context in order to verify private key");
"Failed to create SSL context in order to verify private key"
);
eval { eval {
my $filetype = &Net::SSLeay::FILETYPE_PEM; my $filetype = &Net::SSLeay::FILETYPE_PEM;
Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_path, $filetype) Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_path, $filetype)
or $ssl_die->( or ssl_die("Failed to load private key from '$key_path' into SSL context");
"Failed to load private key from '$key_path' into SSL context"
);
Net::SSLeay::CTX_use_certificate_file($ctx, $cert_path, $filetype) Net::SSLeay::CTX_use_certificate_file($ctx, $cert_path, $filetype)
or $ssl_die->( or ssl_die("Failed to load certificate from '$cert_path' into SSL context");
"Failed to load certificate from '$cert_path' into SSL context"
);
Net::SSLeay::CTX_check_private_key($ctx) Net::SSLeay::CTX_check_private_key($ctx)
or $ssl_die->( or ssl_die("Failed to validate private key and certificate");
"Failed to validate private key and certificate"
);
}; };
my $err = $@; my $err = $@;
@ -397,7 +389,7 @@ sub generate_csr {
# this unfortunately causes a small memory leak, since there is no # this unfortunately causes a small memory leak, since there is no
# X509_NAME_free() (yet) # X509_NAME_free() (yet)
my $name = Net::SSLeay::X509_NAME_new(); my $name = Net::SSLeay::X509_NAME_new();
$ssl_die->("Failed to allocate X509_NAME object\n") if !$name; ssl_die("Failed to allocate X509_NAME object\n") if !$name;
my $add_name_entry = sub { my $add_name_entry = sub {
my ($k, $v) = @_; my ($k, $v) = @_;
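Review bot: `ssl_die` is declared without a comment saying that it never returns, yet every `or ssl_die(...)` guard in check_certificate_matches_key (context creation, key load, certificate load, CTX_check_private_key) depends on that to fail closed. I would add above the declaration `# Raises via Net::SSLeay::die_now() and never returns; the 'or ssl_die(...)' guards rely on this.` The messages in check_certificate_matches_key also lack the trailing `\n` that the calls in read_certificate, convert_asn1_to_epoch and generate_csr pass. Net::SSLeay::die_now appears to append its own newline, so using one form at every call site would fit the style goal of this commit. The bodies of these functions continue outside the hunks shown.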