Fix alpine ca (#354)

* fix ca loading for alpine * fix ca loading for alpine * fix ca loading for alpine * change gzipped detection * change gzipped detection --------- Co-authored-by: Daniel Eisenberg <danielei@checkpoint.com>
2025-11-15 17:02:15 +03:00 · 2025-09-30 18:19:15 +03:00
parent 0c0da6d91b
commit b74957d9d4
11 changed files with 213 additions and 15 deletions
--- a/core/include/services_sdk/resources/debug_flags.h
+++ b/core/include/services_sdk/resources/debug_flags.h
@@ -106,6 +106,7 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
            DEFINE_FLAG(D_WAAP_PARSER_GQL, D_WAAP_PARSER)
            DEFINE_FLAG(D_WAAP_PARSER_MULTIPART_FORM, D_WAAP_PARSER)
            DEFINE_FLAG(D_WAAP_PARSER_RAW, D_WAAP_PARSER)
+            DEFINE_FLAG(D_WAAP_PARSER_GZIP, D_WAAP_PARSER)
            DEFINE_FLAG(D_WAAP_PARSER_URLENCODE, D_WAAP_PARSER)
            DEFINE_FLAG(D_WAAP_PARSER_PHPSERIALIZE, D_WAAP_PARSER)
            DEFINE_FLAG(D_WAAP_PARSER_PERCENT, D_WAAP_PARSER)
--- a/core/messaging/connection/connection.cc
+++ b/core/messaging/connection/connection.cc
@@ -262,6 +262,29 @@ public:
    }

 private:
+    string
+    getCertificateDirectory()
+    {
+        auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
+
+        if (details_ssl_dir.ok()) {
+            return *details_ssl_dir;
+        }
+
+        // Use detail_resolver to determine platform-specific certificate directory
+#if defined(alpine)
+       string platform = "alpine";
+#else
+       string platform = "linux";
+#endif
+
+        if (platform == "alpine") {
+            return "/etc/ssl/certs/";
+        }
+
+        return "/usr/lib/ssl/certs/";
+    }
+
    Maybe<void>
    setSSLContext()
    {
@@ -296,10 +319,11 @@ private:
        }

        dbgTrace(D_CONNECTION) << "Setting CA authentication";
-        auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
-        auto openssl_dir = details_ssl_dir.ok() ? *details_ssl_dir : "/usr/lib/ssl/certs/";
-        auto configured_ssl_dir = getConfigurationWithDefault(openssl_dir, "message", "Trusted CA directory");
-        const char *ca_dir = configured_ssl_dir.empty() ? nullptr : configured_ssl_dir.c_str();
+
+        auto default_ssl_dir = getCertificateDirectory();
+        auto configured_ssl_dir =
+            getProfileAgentSettingWithDefault<string>(default_ssl_dir, "agent.config.message.capath");
+        const char *ca_dir = configured_ssl_dir.empty() ? "/usr/lib/ssl/certs/" : configured_ssl_dir.c_str();

        if (SSL_CTX_load_verify_locations(ssl_ctx.get(), ca_path.c_str(), ca_dir) != 1) {
            return genError("Failed to load certificate locations");