Make cert generate for readonly directories
When run from a development PC, we shouldn't REQUIRE that the cert
directory exists or is writable.
This commit reworks the SSL cert generation to generate a string with
the certification info, instead of writing it to disk and reading it
back. This allows bmcweb to start up in read-only environments, or
environments where there isn't access to the key information.
Tested: Launching the application on a dev desktop without an ssl
directory present no longer crashes.
Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/http/http_server.hpp b/http/http_server.hpp
index 206a0d1..6088ca1 100644
--- a/http/http_server.hpp
+++ b/http/http_server.hpp
@@ -17,6 +17,7 @@
#include <filesystem>
#include <future>
#include <memory>
+#include <string>
#include <utility>
#include <vector>
@@ -96,9 +97,19 @@
fs::path certFile = certPath / "server.pem";
BMCWEB_LOG_INFO("Building SSL Context file={}", certFile.string());
std::string sslPemFile(certFile);
- ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile);
+ std::string cert =
+ ensuressl::ensureOpensslKeyPresentAndValid(sslPemFile);
+ if (cert.empty())
+ {
+ throw std::runtime_error("Failed to load string");
+ }
std::shared_ptr<boost::asio::ssl::context> sslContext =
- ensuressl::getSslContext(sslPemFile);
+ ensuressl::getSslContext(cert);
+ if (sslContext == nullptr)
+ {
+ throw std::runtime_error("Failed to load certificate");
+ }
+ BMCWEB_LOG_DEBUG("Replaced certificate");
adaptorCtx = sslContext;
handler->ssl(std::move(sslContext));
}