Addressed certificate read issue
Certificate reading is failed if Key and Certificate in different order
Git Issue ID:
- https://github.com/openbmc/bmcweb/issues/91
Root Cause:
In uploaded certificate the order is in CSR and then RSA, due
to this certificate reading is failed when same file pointer are used
for read key and certificate.
Solution:
Setting file pointer to point beginning of the file to avoid
key and certificate order error and it will support both order.
Tested By:
- Uploaded the certificate by changing component order.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H
"Content-Type: application/octet-stream" -X POST -T cert.pem
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
Change-Id: I6f6d41e7b8a7c2f7c5ce53c5d1bbdf69189119b2
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 2b67661..7aa1c53 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -72,6 +72,12 @@
if (privateKeyValid)
{
+ // If the order is certificate followed by key in input file
+ // then, certificate read will fail. So, setting the file
+ // pointer to point beginning of file to avoid certificate and
+ // key order issue.
+ fseek(file, 0, SEEK_SET);
+
X509 *x509 = PEM_read_X509(file, NULL, NULL, NULL);
if (x509 == nullptr)
{