| commit | 5d00cf2560f387aa3ca4c58be5ec173fe289f0e5 | [log] [tgz] |
|---|---|---|
| author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | Thu Oct 03 12:10:20 2019 +0200 |
| committer | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | Wed Nov 06 10:50:48 2019 +0000 |
| tree | 5584b00ff7d27cde2df7f1da82fea3aa46326e2c | |
| parent | 7c6e7cffaf061aabfe5489ef52442e2f7cbd0fb7 [diff] [blame] |
Support uploading multiple certificates for ldap configuration This code change regards replacing a path to CA file with directory location holding multiple CA files within it. Implementation assumes that one can still define TLS_CACERT_FILE as either a single CA file or directory location. Depending if the path points to a file or a directory a proper value will be set in /etc/nslcd.conf This code change depends on another change requests: https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/25987 https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/23348 Tested: Manually tested, all changes propagate properly to /etc/nslcd.conf file. Unit Tests are passing. Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Depends-On: Icd33723c1fc2580679aaaf54b3e99dfb09342402 Depends-On: Ia02c552eb27744e45ccfff3b3a1232d10e65da74 Change-Id: I85dabd4841018f04b0b9e9b58dca9579e7ff1999
diff --git a/phosphor-ldap-config/ldap_config.cpp b/phosphor-ldap-config/ldap_config.cpp index 1620d1d..913dae3 100644 --- a/phosphor-ldap-config/ldap_config.cpp +++ b/phosphor-ldap-config/ldap_config.cpp
@@ -228,7 +228,14 @@ { confData << "ssl on\n"; confData << "tls_reqcert hard\n"; - confData << "tls_cacertFile " << tlsCacertFile.c_str() << "\n"; + if (fs::is_directory(tlsCacertFile.c_str())) + { + confData << "tls_cacertdir " << tlsCacertFile.c_str() << "\n"; + } + else + { + confData << "tls_cacertfile " << tlsCacertFile.c_str() << "\n"; + } if (fs::exists(tlsCertFile.c_str())) { confData << "tls_cert " << tlsCertFile.c_str() << "\n";