authorPete Higgins <pete@peterhiggins.org>2020-12-16 14:57:03 -0800
committerPete Higgins <pete@peterhiggins.org>2020-12-16 14:57:03 -0800
commit75167e720b36fd3b3873bd0f7d76a05f6ec057e3 (patch)
treea17b76ff19b6af6c2e96527f03064e32191301fe
parent0e4abd29a2f10bbfe96929d79c432f36dfff2ead (diff)
downloadchef-75167e720b36fd3b3873bd0f7d76a05f6ec057e3.tar.gz
Handle bad certs in trusted_certs_dir.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r--lib/chef/http/ssl_policies.rb6
-rw-r--r--spec/unit/http/ssl_policies_spec.rb14
2 files changed, 19 insertions, 1 deletions
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb
index f6fd7dc580..152ff4128a 100644
--- a/lib/chef/http/ssl_policies.rb
+++ b/lib/chef/http/ssl_policies.rb
@@ -87,7 +87,11 @@ class Chef
if config.trusted_certs_dir
certs = Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(config.trusted_certs_dir), "*.{crt,pem}"))
certs.each do |cert_file|
- cert = OpenSSL::X509::Certificate.new(File.binread(cert_file))
+ cert = begin
+ OpenSSL::X509::Certificate.new(File.binread(cert_file))
+ rescue OpenSSL::X509::CertificateError => e
+ raise Chef::Exceptions::ConfigurationError, "Error reading cert file '#{cert_file}', original error '#{e.class}: #{e.message}'"
+ end
add_trusted_cert(cert)
end
end
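Review bot: The new `rescue` inside the `certs.each` loop covers only `OpenSSL::X509::CertificateError`, so a matched path that cannot be read still makes `File.binread` raise an `Errno::*` error instead of `Chef::Exceptions::ConfigurationError`. That can happen on a permission problem, a directory whose name ends in `.crt`, or a file removed between the glob and the read. If callers are meant to see one error type for any unusable entry in `trusted_certs_dir`, widen it to `rescue OpenSSL::X509::CertificateError, SystemCallError => e`. Raising rather than skipping keeps trust-store loading fail-closed, and a short comment such as `# fail closed: an unparseable trust anchor aborts setup rather than being skipped` would record that intent. The enclosing method starts outside the hunk.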
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index d984a58f6f..616f0685f3 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
@@ -185,6 +185,20 @@ describe "HTTP SSL Policy" do
ssl_policy.set_custom_certs # should not raise an error
end
end
+
+ context "with a bad cert file" do
+ around do |example|
+ bad_cert_file = File.join(Chef::Config.trusted_certs_dir, "bad_cert_file.crt")
+ File.write(bad_cert_file, File.read(__FILE__))
+ example.run
+ ensure
+ FileUtils.rm(bad_cert_file)
+ end
+
+ it "raises ConfigurationError" do
+ expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
+ end
+ end
end
end
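Review bot: The `ensure` in the `around` block calls `FileUtils.rm(bad_cert_file)` unconditionally, so if `File.join` or `File.write` raises first, the cleanup raises its own error (`TypeError` on nil, or `Errno::ENOENT`) and hides the real failure. `FileUtils.rm_f(bad_cert_file) if bad_cert_file` avoids that. The file is also written into `Chef::Config.trusted_certs_dir`, whose value is set outside this hunk. If that is a shared fixture directory, an interrupted run would leave a junk `.crt` behind, and other examples that call `set_custom_certs` would presumably then fail on it; a directory from `Dir.mktmpdir` would isolate the example. The enclosing `describe` block starts outside the hunk.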